Security News > 2021 > August > Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities
Ransomware operators such as Magniber and Vice Society are actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally across a victim's network to deploy file-encrypting payloads on targeted systems.
"Multiple, distinct threat actors view this vulnerability as attractive to use during their attacks and may indicate that this vulnerability will continue to see more widespread adoption and incorporation by various adversaries moving forward," Cisco Talos said in a report published Thursday, corroborating an independent analysis from CrowdStrike, which observed instances of Magniber ransomware infections targeting entities in South Korea.
While Magniber ransomware was first spotted in late 2017 singling out victims in South Korea through malvertising campaigns, Vice Society is a new entrant that emerged on the ransomware landscape in mid-2021, primarily targeting public school districts and other educational institutions.
Since June, a series of "PrintNightmare" issues affecting the Windows print spooler service has come to light that could enable remote code execution when the component performs privileged file operations -.
CrowdStrike noted it was able to successfully prevent attempts made by the Magniber ransomware gang at exploiting the PrintNightmare vulnerability.
"Adversaries are constantly refining their approach to the ransomware attack lifecycle as they strive to operate more effectively, efficiently, and evasively," the researchers said.