Ransomware gang uses PrintNightmare to breach Windows servers

Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads.
PrintNightmare is a class of security vulnerabilities impacting the Windows Print Spooler service, Windows print drivers, and the Windows Point and Print feature.
As CrowdStrike researchers discovered last month, the Magniber ransomware gang is now using PrintNightmare exploits for these exact purposes in attacks against South Korean victims.
"On July 13, CrowdStrike successfully detected and prevented attempts at exploiting the PrintNightmare vulnerability, protecting customers before any encryption takes place," said Liviu Arsene, CrowdStrike's Director of Threat Research and Reporting.
Magniber ransomware has been active since October 2017, when it was being deployed through malvertising using the Magnitude Exploit Kit as the successor of Cerber ransomware.
The cybersecurity agency also published a PrintNightmare alert on July 1st, encouraging security professionals to disable the Windows Print Spooler service on all systems not used for printing.