Ransomware attacks now target unpatched WS_FTP servers


Internet-exposed Ransomware attacks are now targeting WS_FTP servers that have not been patched against a critical vulnerability. “The ransomware actors didn’t wait long to abuse the recently reported vulnerability in WS_FTP Server software,” a spokesperson for Sophos X-Ops said.

As recently discovered by Sophos X-Ops incident responders, threat actors identifying themselves as the Reichsadler Cybercrime Group attempted, but failed, to spread ransomware payloads built with a LockBit 3.0 constructor stolen in September 2022. Despite the fact that Progress Software provided a patch for this vulnerability in September 2023, not all servers have been fixed. Sophos X-Ops noticed failed efforts to spread ransomware via unpatched services."

Read More…