Ransomware gang uses PrintNightmare to breach Windows servers
Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads.
PrintNightmare is a class of security vulnerabilities impacting the Windows Print Spooler service, Windows print drivers, and the Windows Point and Print feature.
As CrowdStrike researchers discovered last month, the Magniber ransomware gang is now using PrintNightmare exploits for these exact purposes in attacks against South Korean victims.
"On July 13, CrowdStrike successfully detected and prevented attempts at exploiting the PrintNightmare vulnerability, protecting customers before any encryption takes place," said Liviu Arsene, CrowdStrike's Director of Threat Research and Reporting.
Magniber ransomware has been active since October 2017, when it was being deployed through malvertising using the Magnitude Exploit Kit as the successor of Cerber ransomware.
The cybersecurity agency also published a PrintNightmare alert on July 1st, encouraging security professionals to disable the Windows Print Spooler service on all systems not used for printing.
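One way to apply the "disable the Print Spooler where it is not used for printing" advice on a single host is sketched below. This is an added example, not code from the article, CrowdStrike or the agency's alert; the function name `Disable-UnusedSpooler` and the list of ignored virtual printers are assumptions made for illustration.

```powershell
# Added example (hypothetical helper): disable the Print Spooler only when the
# host has no real print queues. Run from an elevated session; supports -WhatIf.
function Disable-UnusedSpooler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumption: built-in virtual queues that do not make a host "used for printing".
        [string[]]$IgnoredPrinters = @('Microsoft Print to PDF',
                                       'Microsoft XPS Document Writer',
                                       'Fax', 'OneNote*')
    )

    $spooler   = Get-Service -Name Spooler -ErrorAction Stop
    $startMode = (Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'").StartMode

    # Get-Printer talks to the spooler, so queues can only be listed while it runs.
    $printers = @()
    if ($spooler.Status -eq 'Running') {
        $printers = @(Get-Printer -ErrorAction Stop | Where-Object {
            $name = $_.Name
            -not ($IgnoredPrinters | Where-Object { $name -like $_ })
        })
    }
    $shared = @($printers | Where-Object { $_.Shared })

    # Emit an audit record first so the decision is visible in logs or a CSV export.
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        SpoolerStatus  = $spooler.Status
        StartMode      = $startMode
        Printers       = ($printers.Name -join ', ')
        SharedPrinters = ($shared.Name -join ', ')
    }

    if ($printers.Count -gt 0) {
        Write-Warning "Print queues found; leaving Spooler enabled. Patch this host instead."
        return
    }
    if ($startMode -eq 'Disabled' -and $spooler.Status -eq 'Stopped') {
        return  # already in the desired state
    }
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
}

Disable-UnusedSpooler -WhatIf   # dry run: report state without changing it
```

Remove `-WhatIf` once the audit output has been reviewed; hosts that report print queues are left untouched and should be patched rather than disabled.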