Security News > 2024 > February > Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks
The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability.
The company removed all license restrictions last week so customers with expired licenses can secure their servers from ongoing attacks given that these two security bugs impact all ScreenConnect versions.
While analyzing these ongoing attacks, Trend Micro discovered that the Black Basta and Bl00dy ransomware gangs have also started exploiting the ScreenConnect flaws for initial access and backdooring the victims' networks with web shells.
While investigating their attacks, Trend Micro observed reconnaissance, discovery, and privilege escalation activity after the attackers gained access to the network and Black Basta-linked Cobalt Strike beacons being deployed on compromised systems.
The Bl00dy ransomware gang used payloads built using leaked Conti and LockBit Black builders.
Sophos first revealed in a Thursday report that the recently patched ScreenConnect flaws are exploited in ransomware attacks.
News URL
Related news
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)
- Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between (source)
- BianLian ransomware claims attack on Boston Children's Health Physicians (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)