Security News > 2023 > October > Thwarted ransomware raid targeting WS_FTP servers demanded just 0.018 BTC

An early ransomware campaign against organizations by exploiting the vulnerability in Progress Software's WS FTP Server was this week spotted by security researchers.

Sophos X-Ops revealed on Thursday its customers have been targeted by ransomware criminals who lifted took their code from LockBit 3.0, which was leaked last year, shortly after this latest strain was created.

The ransomware failed to run as anticipated and encrypt any files - Sophos said its antivirus was able to block it - allowing the payload to be captured and examined.

That's good news for the intended victims, though it appears WS FTP Server was exploited successfully and malicious code was run.

It's generally understood that ransomware gangs will demand a fee of around 3 percent of whatever they calculate the target's annual revenue to be, though these calculations are sometimes based on wrong information and can be incorrectly inflated.

Patches for the eight vulnerabilities in WS FTP were released on September 27 and Rapid7's researchers spotted the first wave of attacks exploiting the vulnerabilities three days later.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/13/ws_ftp_bug_ransomware/