
Vulnerable Citrix Servers Targeted by Hackers Using Ransomware

Researchers report that unpatched Citrix servers contain a vulnerability that allows hackers to infect them with ransomware.
A number of reports within the infosec community have warned companies that their Citrix servers might be flawed and that the flaw might result in a ransomware attack. The reports were also confirmed by security researchers from Under the Breach and FireEye. According to the reports, unpatched Citrix servers are affected by the CVE-2019-19781 vulnerability, which hackers are using to infect entire corporate networks with ransomware.

It remains unknown how many hacking groups are currently conducting Citrix server attacks, but researchers managed to identify one of them as the REvil ransomware gang, also known as Sodinokibi. Under the Breach's researchers reported that they examined the files that the REvil gang posted online after Gedia.com refused to pay the ransom. Researchers were able to confirm that the files indeed belong to Gedia, and that they were accessed via the Citrix exploit.

Some rumors claim that another group infecting these servers might be the Maze ransomware gang, although no one has been able to confirm this yet. However, FireEye discovered that there is also a third group, which is using Ragnarok ransomware.

Researchers explained that hackers are scanning the web for Citrix servers that have not been patched against the CVE-2019-19781 flaw. These include two older versions of Citrix SD-WAN WANOP, Citrix Gateway, as well as Citrix ADC (Application Delivery Controller).

The flaw was originally found and revealed in December 2019, and the attacks started two weeks ago, on January 11th, after the exploit was made publicly known. The patches were not available right away, and Citrix recommended multiple mitigation techniques that server owners could try to use for protection. Unfortunately, companies either failed to apply them, or they did not work, and when the attacks finally started, numerous ransomware infections ended up being successful.

Citrix finally started publishing patches yesterday, and it was reported that the patching is going well. The initial number of flawed servers was estimated at 80,000 in December, and 25,000 in mid-January. Two days ago, the number had dropped to 11,000 systems.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
