"Ransomware Targets Unpatched WS_FTP Servers"

According to security researchers at Sophos X-Ops' unpatched WS_FTP servers exposed to the internet have become prime targets for ransomware attacks, with threat actors exploiting a critical vulnerability. The researchers noted that despite Progress Software releasing a patch for the WS_FTP Server vulnerability (tracked CVE-2023-40044) just last month, not all servers have been updated, leaving them vulnerable to exploitation. The researchers saw an attempted ransomware attack by the self-proclaimed Reichsadler Cybercrime Group. The attack reportedly utilized a stolen LockBit 3.0 builder to create ransomware payloads. The threat actors attempted to escalate privileges using the open-source GodPotato tool, known for enabling privilege escalation across various Windows client and server platforms.

Infosecurity reports: "Ransomware Targets Unpatched WS_FTP Servers"

Submitted by Adam Ekwall on Mon, 10/16/2023 - 11:35