WS_FTP: Ransomware attacks on unpatched servers – Kiratas>
Kiratas – Eliza Houghton
The manufacturer Progress recently addressed security vulnerabilities in the WS_FTP server, including critical ones that attackers had attempted to exploit.
Sophos, an IT security company, has now discovered a rise in ransomware attacks targeting unpatched WS_FTP servers.
These attacks were not successful due to the intervention of Sophos software and a behavior blocker rule that prevented the downloads.
The malware used in these attacks is compiled from leaked Lockbit 3.0 sources.
The attackers breached the vulnerabilities and downloaded a Powershell script called “goodpbye.ps1,” which then introduced the Lockbit 3-based malware onto the system.
The criminal organization responsible for these attacks is known as the “Reichsadler Cybercrime Group.” They attempted to extort $500 worth of Bitcoin from their victims.
IT managers are advised to promptly apply the available updates to the WS_FTP server, as Progress had released updates approximately two weeks ago to address eight security vulnerabilities, two of which were classified as critical.
Link: https://www.kiratas.com/2023/10/16/ws_ftp-ransomware-attacks-on-unpatched-servers-2/