Security News > 2021 > August > Ransomware gang uses PrintNightmare to breach Windows servers
Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads.
PrintNightmare is a class of security vulnerabilities impacting the Windows Print Spooler service, Windows print drivers, and the Windows Point and Print feature.
As Crowdstrike researchers discovered last month, the Magniber ransomware gang is now using PrintNightmare exploits for these exact purposes in attacks against South Korean victims.
"On July 13, CrowdStrike successfully detected and prevented attempts at exploiting the PrintNightmare vulnerability, protecting customers before any encryption takes place," said Liviu Arsene, Crowdstrike's Director of Threat Research and Reporting.
Magniber ransomware has been active since October 2017, when it was being deployed through malvertising using the Magnitude Exploit Kit as the successor of Cerber ransomware.
The cybersecurity agency also published a PrintNightmare alert on July 1st, encouraging security professionals to disable the Windows Print Spooler service on all systems not used for printing.
News URL
Related news
- Ransomware gang leaks data stolen in Rhode Island's RIBridges Breach (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Sarcoma ransomware claims breach at giant PCB maker Unimicron (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)