Security News > 2024 > February > Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks
The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability.
The company removed all license restrictions last week so customers with expired licenses can secure their servers from ongoing attacks given that these two security bugs impact all ScreenConnect versions.
While analyzing these ongoing attacks, Trend Micro discovered that the Black Basta and Bl00dy ransomware gangs have also started exploiting the ScreenConnect flaws for initial access and backdooring the victims' networks with web shells.
While investigating their attacks, Trend Micro observed reconnaissance, discovery, and privilege escalation activity after the attackers gained access to the network and Black Basta-linked Cobalt Strike beacons being deployed on compromised systems.
The Bl00dy ransomware gang used payloads built using leaked Conti and LockBit Black builders.
Sophos first revealed in a Thursday report that the recently patched ScreenConnect flaws are exploited in ransomware attacks.
News URL
Related news
- Fidelity customers' financial info feared stolen in suspected ransomware attack (source)
- Fidelity customers' financial info feared stolen in suspected ransomware attack (source)
- Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries (source)
- Duvel says it has "more than enough" beer after ransomware attack (source)
- FBI: Critical infrastructure suffers spike in ransomware attacks (source)
- JetBrains TeamCity under attack by ransomware thugs after disclosure mess (source)
- Possible China link to Change Healthcare ransomware attack (source)
- Change Healthcare registers pulse after crippling ransomware attack (source)
- BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks (source)
- JetBrains is still mad at Rapid7 for the ransomware attacks on its customers (source)