"Ransomware Targets Unpatched WS_FTP Servers"

According to security researchers at Sophos X-Ops' unpatched WS_FTP servers exposed to the internet have become prime targets for ransomware attacks, with threat actors exploiting a critical vulnerability.  The researchers noted that despite Progress Software releasing a patch for the WS_FTP Server vulnerability (tracked CVE-2023-40044) just last month, not all servers have been updated, leaving them vulnerable to exploitation.  The researchers saw an attempted ransomware attack by the self-proclaimed Reichsadler Cybercrime Group.  The attack reportedly utilized a stolen LockBit 3.0 builder to create ransomware payloads.  The threat actors attempted to escalate privileges using the open-source GodPotato tool, known for enabling privilege escalation across various Windows client and server platforms. 

 

Infosecurity reports: "Ransomware Targets Unpatched WS_FTP Servers"

Submitted by Adam Ekwall on