New Atom Silo ransomware targets vulnerable Confluence servers (Security News, October 2021)
Atom Silo, a newly spotted ransomware group, is targeting a recently patched and actively exploited Confluence Server and Data Center vulnerability to deploy their ransomware payloads.
Ransomware gangs start targeting Confluence servers.
Ransomware payloads deployed by Atom Silo also come with a malicious kernel driver used to disrupt endpoint protection solutions and evade detection.
"While similar to another recently discovered ransomware group, LockFile, Atom Silo has emerged with its own bag of novel and sophisticated tactics, techniques and procedures that were full of twists and turns and challenging to spot - probably intentionally so."
"Atom Silo made significant efforts to evade detection prior to launching the ransomware, which included well-worn techniques used in new ways. Other than the backdoors themselves, the attackers used only native Windows tools and resources to move within the network until they deployed the ransomware."
As BleepingComputer cautioned at the time, although these attackers were only deploying cryptocurrency miners, they could quickly escalate to ransomware payloads and data exfiltration once the threat actors started moving laterally through corporate networks from hacked on-prem Confluence servers.