HomeRisk ManagementsVEEAM exploit used in new ransomware attack known as "Frag", reports Sophos...

VEEAM exploit used in new ransomware attack known as “Frag”, reports Sophos News

Published on

spot_img

Sophos X-Ops recently revealed the emergence of a new ransomware threat cluster that exploited a vulnerability in Veeam backup servers. This threat cluster, referred to as STAC 5881, utilized compromised VPN appliances for access and leveraged the CVE-2024-40711 vulnerability to create a new local administrator account named “point.”

The deployment of this new ransomware was observed in cases where the threat actor behind STAC 5881 targeted organizations. The ransomware, named Frag, was executed through a command line with various parameters, including the percentage of file encryption. Attackers could specify directories or individual files to encrypt, with the files being given a .frag extension once encrypted.

Despite the deployment of Frag ransomware, Sophos endpoint protection’s CryptoGuard feature successfully blocked the ransomware, and a detection for the ransomware binary has been added to enhance protection against it.

The tactics employed by the threat actor behind Frag were similar to those used by the Akira and Fog ransomware threat actors. Agger Labs also noted the resemblance in behaviors between Frag and Akira ransomware, indicating a possible emergence of a new ransomware player in the threat landscape. Sophos X-Ops continues to monitor this threat behavior closely and will provide updates with additional technical details as they become available.

Overall, the deployment of Frag ransomware highlights the evolving nature of cyber threats and the importance of proactive cybersecurity measures to mitigate the risks posed by ransomware attacks. Organizations are encouraged to stay vigilant, update their security solutions, and implement best practices to safeguard against the increasing sophistication of threat actors in the digital realm.

Source link

Latest articles

Is Your Password Strong Enough to Prevent a Hack? Avoid These Common Mistakes that Leave Millions Vulnerable

In the digitally driven world of today, where almost every aspect of our lives...

CISA Director Jen Easterly Announces Resignation on Inauguration Day

The Cybersecurity and Infrastructure Security Agency (CISA) has officially announced that Jen Easterly, the...

Challenges of Contemporary Phishing and Browser Security Measures to Address Them

In the ever-evolving landscape of cyber threats, organizations are facing increasingly sophisticated phishing attacks...

Google OSS-Fuzz Uses AI to Uncover 26 Security Flaws

Researchers from Google's OSS-Fuzz team have made a significant breakthrough by using AI to...

More like this

Is Your Password Strong Enough to Prevent a Hack? Avoid These Common Mistakes that Leave Millions Vulnerable

In the digitally driven world of today, where almost every aspect of our lives...

CISA Director Jen Easterly Announces Resignation on Inauguration Day

The Cybersecurity and Infrastructure Security Agency (CISA) has officially announced that Jen Easterly, the...

Challenges of Contemporary Phishing and Browser Security Measures to Address Them

In the ever-evolving landscape of cyber threats, organizations are facing increasingly sophisticated phishing attacks...