Experts Make Out a List of Vulnerabilities Abused by Ransomware Groups
Since Ransomware Has Taken Ground Recently, Organizations Must Be Aware Which Vulnerabilities Were or Are Being Exploited.
Last updated on November 3, 2022
As ransomware attacks have gained ground recently, researchers decided to start making out a list of vulnerabilities abused by ransomware groups that is easy-to-follow in order for organizations to be aware of which security flaws ransomware gangs exploited or exploit in order to gain initial access when breaching a network.
The initiative came into existence at Allan Liska’s urge. He is a Recorded Future’s CSIRT member and announced his idea over the weekend on Twitter.
Lots of contributors have started to support Allan Liska in his initiative and the detailed in-progress list now includes vulnerabilities exploited in the past or that are still at the present moment targeted.
The list follows a diagram pattern with a concise mentioning of different vulnerabilities.
Fortinet VPN devices were encrypted in April by Cring ransomware targeting the above-mentioned unpatched vulnerability. This followed the FBI and CISA’s warning of Fortinet devices being scanned by cybercriminals to find the vulnerable ones.
The vulnerabilities that allowed the attack started in the middle of December 2020 and were carried out to January 2021, when Clop ransomware affected Accellion servers.
The Fight Against the Threat of Ransomware
Ransomware has become a real and ceaseless threat nowadays and organizations have started to act against it.
This way, Joint Cyber Defense Collaborative (JCDC) emerged. This is a partnership between several names like, for instance, CISA, Microsoft, Amazon Web Services, Lumen, Google Cloud, AT&T, FireEye Mandiant, Verizon, and Palo Alto Networks. It’s a project whose goal is to mitigate ransomware by defending the US critical infrastructure.
The key to preventing and solving an issue is determining its cause. This is what the June ransomware self-assessment security audit tool released by CISA lets enterprises do. Through this tool, organizations can evaluate their level of risks when it comes to ransomware and find out if they are really prepared to recover if attacked. The same federal agency makes available the Ransomware Response Checklist that helps firms part of the second scenario described before with advice and ransomware-related information.
A ransomware protection guide comes also from CERT NZ (The New Zealand Computer Emergency Response Team). Below is an illustration of this guide.
Hi! My name is Andra and I am a passionate writer interested in a variety of topics. I am curious about the cybersecurity world and what I want to achieve through what I write is to keep you curious too!