Ikoula

Ikoula operates as a hosting service provider headquartered in France, delivering infrastructure solutions that include virtualized server environments such as VMware ESXi. The company supports a range of clients by providing platforms for deploying and managing virtual machines, with services encompassing dedicated hosting, cloud solutions, and colocation. Its operational footprint is notably felt in the European market, particularly in France, where a significant portion of its infrastructure is located. The targeting of Ikoula's customers in a global ransomware campaign attests to its scale within the hosting industry, managing servers that are integral to client business operations. While precise metrics on size or client count are not disclosed, the incident's impact on its infrastructure indicates a substantial deployment of ESXi servers under its management.

The February 2023 ransomware attack exploited vulnerabilities in older VMware ESXi versions, specifically CVE-2021-21974, to deploy the ESXiArgs ransomware across servers used by Ikoula and other providers. This automated campaign encrypted files with a .args extension and demanded ransoms, affecting thousands of systems globally with a concentration in France. In response, Ikoula issued urgent security advisories to its clients, emphasizing the need for ESXi updates and firewall configurations to block port 427. These communications, shared via public channels like Twitter, highlight the company's commitment to client protection and industry collaboration during cybersecurity incidents. The event also underscores the persistent threat landscape facing hosting providers, where vulnerabilities in widely used virtualization platforms can lead to widespread disruption. Ikoula's involvement in this incident situates it within a network of providers that must continuously address emerging threats to maintain service integrity and client trust.