Security News > 2023 > September > Hackers actively exploiting Openfire flaw to encrypt servers
Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers.
Although Openfire fixed the issue with versions 4.6.8, 4.7.5, and 4.8.0, released in May 2023, VulnCheck reported that by mid-August 2023, over 3,000 Openfire servers were still running a vulnerable version.
BleepingComputer has found multiple reports from customers saying their Openfire servers were encrypted with ransomware, with one stating that the files were encrypted with the.
BleepingComputer is aware of Openfire servers encrypted by this ransomware in June.
The threat actor does not appear to solely target Openfire servers, but any vulnerable web server.
Over 3,000 Openfire servers vulnerable to takover attacks.