Ransomware gang uses PrintNightmare to breach Windows servers

2021-08-12 09:03

Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads.

PrintNightmare is a class of security vulnerabilities impacting the Windows Print Spooler service, Windows print drivers, and the Windows Point and Print feature.

As Crowdstrike researchers discovered last month, the Magniber ransomware gang is now using PrintNightmare exploits for these exact purposes in attacks against South Korean victims.

"On July 13, CrowdStrike successfully detected and prevented attempts at exploiting the PrintNightmare vulnerability, protecting customers before any encryption takes place," said Liviu Arsene, Crowdstrike's Director of Threat Research and Reporting.

Magniber ransomware has been active since October 2017, when it was being deployed through malvertising using the Magnitude Exploit Kit as the successor of Cerber ransomware.

The cybersecurity agency also published a PrintNightmare alert on July 1st, encouraging security professionals to disable the Windows Print Spooler service on all systems not used for printing.

News URL

https://www.bleepingcomputer.com/news/security/ransomware-gang-uses-printnightmare-to-breach-windows-servers/

#breach #ransomware #server #windows

News URL

Related news