Security News > 2024 > February > Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks
The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability.
The company removed all license restrictions last week so customers with expired licenses can secure their servers from ongoing attacks given that these two security bugs impact all ScreenConnect versions.
While analyzing these ongoing attacks, Trend Micro discovered that the Black Basta and Bl00dy ransomware gangs have also started exploiting the ScreenConnect flaws for initial access and backdooring the victims' networks with web shells.
While investigating their attacks, Trend Micro observed reconnaissance, discovery, and privilege escalation activity after the attackers gained access to the network and Black Basta-linked Cobalt Strike beacons being deployed on compromised systems.
The Bl00dy ransomware gang used payloads built using leaked Conti and LockBit Black builders.
Sophos first revealed in a Thursday report that the recently patched ScreenConnect flaws are exploited in ransomware attacks.
News URL
Related news
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Bologna FC confirms data breach after RansomHub ransomware attack (source)
- Vodka maker Stoli files for bankruptcy in US after ransomware attack (source)
- BT unit took servers offline after Black Basta ransomware breach (source)
- Romanian energy supplier Electrica hit by ransomware attack (source)
- Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering (source)
- Ransomware attack hits leading heart surgery device maker (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)