Security News > 2024 > February > ScreenConnect servers hacked in LockBit ransomware attacks

Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks.
Today, Sophos X-Ops revealed that threat actors have been deploying LockBit ransomware on victims' systems after gaining access using exploits targeting these two ScreenConnect vulnerabilities.
Cybersecurity company Huntress confirmed their findings and told BleepingComputer that "a local government, including systems likely linked to their 911 Systems" and a "Healthcare clinic" have also been hit by LockBit ransomware attackers who used CVE-2024-1709 exploits to breach their networks.
"We can't attribute this directly to the larger LockBit group but it is clear that lockbit has a large reach that spans tooling, various affiliate groups, and offshoots that have not been completely erased even with the major takedown by law enforcement."
As part of this joint operation, Japan's National Police Agency developed a free LockBit 3.0 Black Ransomware decryptor using over 1,000 decryption keys retrieved from LockBit's seized servers and released on the 'No More Ransom' portal.
During Operation Cronos, several LockBit affiliates were arrested in Poland and Ukraine, while French and U.S. authorities issued three international arrest warrants and five indictments targeting other LockBit threat actors.
News URL
Related news
- Preventing the next ransomware attack with help from AI (source)
- Ransomware on ESXi: The mechanization of virtualized attacks (source)
- OneBlood confirms personal data stolen in July ransomware attack (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M (source)
- Medusa ransomware group claims attack on UK's Gateshead Council (source)
- Ransomware attack forces Brit high school to shut doors (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)
- Only 13% of organizations fully recover data after a ransomware attack (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-21 | CVE-2024-1709 | Unspecified vulnerability in Connectwise Screenconnect 22.7/23.8.4/23.8.5 ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | 10.0 |