08.04.2021
Kaspersky Lab specialists have published a report on the new ransomware Cring, the operators of which exploit a vulnerability in older versions of Fortinet VPN gateways.
Cring operators exploit the CME-2018-13379 vulnerability in Fortinet SSL VPN devices to gain access to the victim’s network. Then, using the modified Mimikatz utility, they obtain the logins and passwords of users with administrative privileges and infect the IT infrastructure of the attacked company.
“Among the victims of the new viral campaign were industrial corporations from Europe. In at least one case, the infection led to a temporary interruption in production, as the servers used in production were encrypted with a virus, ”the report says.
After gaining access to the server in the attacked company, the attackers use a Powershell script to download the Cring ransomware virus itself. The virus disables some services and closes applications in order to remove file locks and completely encrypt data on the server. For example, it stops backup system services as well as database services.
For encryption, the robust algorithms RSA-8192 and AES-128 are used. After the end of the encryption process, the files !!!!! readme.rtf and deReadMe !!!. Txt with a ransom demand appear in the directories. The files indicate that the “typical ransom size” is 2 BTC, but if large infrastructure is infected, the ransom size increases.
The CME-2018-13379 vulnerability in Fortinet devices was patched back in May 2019. The company’s representatives urged all users of its products to immediately update the gateways, if this has not been done previously.
Recently, several American universities immediately reported the leak of personal and financial data into the hands of the operators of the Clop ransomware virus. Hackers exploited a vulnerability in the Accellion File Transfer Appliance data transfer solution.
Telegram channel!
Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.