New Cring Ransomware Deployed via Unpatched Fortinet VPNs

upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Content source
https://therecord.media/new-cring-ransomware-deployed-via-unpatched-fortinet-vpns/
Unpatched Fortinet VPN devices are being hacked to deploy a new strain of ransomware inside corporate networks, Russian security firm Kaspersky said today.

“Victims of these attacks include industrial enterprises in European countries,” Kaspersky senior security researcher Vyacheslav Kopeytsev said in a report today. “At least in one case, an attack of the ransomware resulted in a temporary shutdown of the industrial process due to servers used to control the industrial process becoming encrypted,” Kopeytsev said, but without revealing the victim’s name.
Click to expand...
The Kaspersky report published today sheds some light on how these attacks take place, and, according to Kopeytsev, Cring is the latest “human-operated ransomware strain.” What this means is that infections with Cring usually happen after attackers orchestrate intrusions into corporate networks, expand their access to as many systems as possible, and only then run the ransomware during a hands-on-keyboard intrusion. In Cring’s case, the initial intrusion vector appears to be Fortinet devices that haven’t been patched for the CVE-2018-13379 vulnerability.

According to Kaspersky, the intruders used exploits for this bug to access the VPN device, after which they used the Mimikatz open-source tool to dump credentials of Windows users who had previously logged in to the compromised VPN. The attackers then used the credentials to connect to internal workstations on the victim’s internal network, where they used PowerShell scripts and the Cobalt Strike intrusion simulation framework to escalate access to even more internal systems, after which, as a last step, downloaded the Cring ransomware on each system, and proceeded to encrypt local files.
Click to expand...
therecord.media

New Cring ransomware deployed via unpatched Fortinet VPNs

Unpatched Fortinet VPN devices are being hacked to deploy a new strain of ransomware inside corporate networks, Russian security firm Kaspersky said today.
therecord.media therecord.media
 
  • +Reputation
  • Like
  • Wow
Reactions: Nevi, omidomi, dinosaur07 and 10 others
You must log in or register to reply here.

Similar threads

[correlate]
    • Like
    • Wow
Akira ransomware targets Cisco VPNs to breach organizations
Replies
0
Views
1,148
News Archive
[correlate]
[correlate]
Gandalf_The_Grey
    • Like
    • Wow
US energy firm shares how Akira ransomware hacked its systems
Replies
0
Views
656
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
LASER_oneXM
    • Like
    • +Reputation
    • Wow
New Cactus ransomware encrypts itself to evade antivirus
Replies
0
Views
1,027
News Archive
LASER_oneXM
LASER_oneXM

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top