Ransomware operators shut down two production facilities having a place with a European manufacturer in the wake of conveying a relatively new strain that encrypted servers that control a manufacturer's industrial processes, a researcher from Kaspersky Lab said on Wednesday. Threat actors are abusing a Fortinet vulnerability flagged by the feds a week ago that conveys a new ransomware strain, named Cring, that is targeting industrial enterprises across Europe.
Researchers say the attackers are misusing an unpatched path-reversal flaw, followed as CVE-2018-13379, in Fortinet's FortiOS. The objective is to access the victim's enterprise networks and eventually convey ransomware, as indicated by a report by Kaspersky Lab. “In at least in one case, an attack of the ransomware resulted in a temporary shutdown of the industrial process due to servers used to control the industrial process becoming encrypted,” Kaspersky senior security researcher Vyacheslav Kopeytsev wrote in the report.
Cring is relatively new to the ransomware threat scene—which as of now incorporates prevailing strains REvil, Ryuk, Maze, and Conti. Cring was first noticed and revealed by the analyst who goes by Amigo_A and Swisscom's CSIRT team in January. The ransomware is one of a kind in that it utilizes two types of encryption and annihilates backup files to threaten victims and keep them from retrieving backup files without paying the ransom. A week ago, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) cautioned that nation-state advanced persistent threat (APT) groups were effectively abusing known security vulnerabilities in the Fortinet FortiOS operating system, influencing the organization's SSL VPN items.
In its report, Kaspersky echoed the feds cautioning adding attackers are first scanning connectio ..
Support the originator by clicking the read the rest link below.
