Security News > 2024 > May > Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising
A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP. WinSCP and Putty are popular Windows utilities, with WinSCP being an SFTP client and FTP client and Putty an SSH client.
System administrators commonly have higher privileges on a Windows network, making them valuable targets for threat actors who want to quickly spread through a network, steal data, and gain access to a network's domain controller to deploy ransomware.
A recent report by Rapid7 says that a search engine campaign displayed ads for fake Putty and WinSCP sites when searching for download winscp or download putty.
While these sites impersonated the legitimate site for WinSCP, the threat actors imitated an unaffiliated site for PuTTY, which many people believe is the real site.
The official site for PuTTY is actually https://www.
Windows Quick Assist abused in Black Basta ransomware attacks.
News URL
Related news
- New VanHelsing ransomware targets Windows, ARM, ESXi systems (source)
- VanHelsing ransomware emerges to put a stake through your Windows heart (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)