Ransomware gang uses PrintNightmare to breach Windows servers
Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads.
PrintNightmare is a class of security vulnerabilities impacting the Windows Print Spooler service, Windows print drivers, and the Windows Point and Print feature.
As CrowdStrike researchers discovered last month, the Magniber ransomware gang is now using PrintNightmare exploits for these exact purposes in attacks against South Korean victims.
"On July 13, CrowdStrike successfully detected and prevented attempts at exploiting the PrintNightmare vulnerability, protecting customers before any encryption takes place," said Liviu Arsene, CrowdStrike's Director of Threat Research and Reporting.
Magniber ransomware has been active since October 2017, when it was being deployed through malvertising using the Magnitude Exploit Kit as the successor of Cerber ransomware.
The cybersecurity agency also published a PrintNightmare alert on July 1st, encouraging security professionals to disable the Windows Print Spooler service on all systems not used for printing.