
New Cring Ransomware Virus Attacks Fortinet VPN Gateways


Kaspersky Lab specialists have published a report on the new Cring ransomware, whose operators exploit a vulnerability in older versions of Fortinet VPN gateways.

Cring operators exploit the CVE-2018-13379 vulnerability in Fortinet SSL VPN devices to gain access to the victim’s network. Then, using a modified Mimikatz utility, they obtain the logins and passwords of users with administrative privileges and infect the IT infrastructure of the attacked company.

“Among the victims of the new viral campaign were industrial corporations from Europe. In at least one case, the infection led to a temporary interruption in production, as the servers used in production were encrypted with a virus,” the report says.

After gaining access to a server in the attacked company, the attackers use a PowerShell script to download the Cring ransomware itself. The ransomware disables some services and closes applications in order to remove file locks and completely encrypt data on the server. For example, it stops backup system services as well as database services.

The robust algorithms RSA-8192 and AES-128 are used for encryption. When the encryption process ends, the files !!!!! readme.rtf and deReadMe!!!.txt, containing a ransom demand, appear in the directories. The files indicate that the “typical ransom size” is 2 BTC, but that the ransom increases if a large infrastructure is infected.

The CVE-2018-13379 vulnerability in Fortinet devices was patched back in May 2019. The company’s representatives urged all users of its products to update their gateways immediately if they have not already done so.

Recently, several American universities immediately reported the leak of personal and financial data into the hands of the operators of the Clop ransomware virus. Hackers exploited a vulnerability in the Accellion File Transfer Appliance data transfer solution.
