ScreenConnect servers hacked in LockBit ransomware attacks
Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks.
Today, Sophos X-Ops revealed that threat actors have been deploying LockBit ransomware on victims' systems after gaining access using exploits targeting these two ScreenConnect vulnerabilities.
Cybersecurity company Huntress confirmed their findings and told BleepingComputer that "a local government, including systems likely linked to their 911 Systems" and a "Healthcare clinic" have also been hit by LockBit ransomware attackers who used CVE-2024-1709 exploits to breach their networks.
"We can't attribute this directly to the larger LockBit group, but it is clear that LockBit has a large reach that spans tooling, various affiliate groups, and offshoots that have not been completely erased even with the major takedown by law enforcement."
As part of this joint operation, Japan's National Police Agency developed a free LockBit 3.0 Black Ransomware decryptor using over 1,000 decryption keys retrieved from LockBit's seized servers and released on the 'No More Ransom' portal.
During Operation Cronos, several LockBit affiliates were arrested in Poland and Ukraine, while French and U.S. authorities issued three international arrest warrants and five indictments targeting other LockBit threat actors.
Related news
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks
- Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks
- Embargo ransomware escalates attacks to cloud environments
- JPCERT shares Windows Event Log tips to detect ransomware attacks
- Police arrest four suspects linked to LockBit ransomware gang
- Ransomware attack forces UMC Health System to divert some patients
- LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort
- Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-21 | CVE-2024-1709 | Unspecified vulnerability in ConnectWise ScreenConnect 23.8.4/23.8.5. ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | 10.0 |