Security News > 2024 > May > Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising
A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP. WinSCP and Putty are popular Windows utilities, with WinSCP being an SFTP client and FTP client and Putty an SSH client.
System administrators commonly have higher privileges on a Windows network, making them valuable targets for threat actors who want to quickly spread through a network, steal data, and gain access to a network's domain controller to deploy ransomware.
A recent report by Rapid7 says that a search engine campaign displayed ads for fake Putty and WinSCP sites when searching for download winscp or download putty.
While these sites impersonated the legitimate site for WinSCP, the threat actors imitated an unaffiliated site for PuTTY, which many people believe is the real site.
The official site for PuTTY is actually https://www.
Windows Quick Assist abused in Black Basta ransomware attacks.