Researchers compile list of vulnerabilities abused by ransomware gangs
2021-09-18 14:00

Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims' networks.

While these bugs have been or still are exploited by one ransomware group or another in past and ongoing attacks, the list has also been expanded to include actively exploited flaws, as security researcher Pancak3 explained.

HelloKitty ransomware targeted vulnerable SonicWall devices in July, while REvil breached Kaseya's network and hit roughly 60 MSPs using on-premise VSA servers and 1,500 downstream business customers [1, 2, 3]. FiveHands ransomware was busy exploiting the CVE-2021-20016 SonicWall vulnerability before it was patched in late February 2021, as Mandiant reported in June.

In March, Microsoft Exchange servers worldwide were hit by Black Kingdom [1, 2] and DearCry ransomware as part of a massive wave of attacks directed at systems unpatched against ProxyLogon vulnerabilities.

The federal agency also released a new ransomware self-assessment security audit tool in June designed to help at-risk organizations understand if they're equipped to defend against and recover from ransomware attacks targeting information technology, operational technology, or industrial control system assets.

CISA provides a Ransomware Response Checklist for organizations that have been hit by a ransomware attack, advice on how to protect against ransomware, and answers to frequently asked questions about ransomware.


News URL

https://www.bleepingcomputer.com/news/security/researchers-compile-list-of-vulnerabilities-abused-by-ransomware-gangs/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-02-04 | CVE-2021-20016 | SQL Injection vulnerability in Sonicwall products | 7.5

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information.

network, low complexity, sonicwall, CWE-89