Cisco: More Than 3 Million Servers Exposed to Serious Ransomware Threat

Recent in-depth research found 3.2 million machines at risk

Recent research by the Cisco Talos Security Intelligence and Research Group (Talos) uncovered a widespread vulnerability to a serious ransomware threat.

Researchers at Talos, which Cisco calls its “primary team that contributes threat information to the Cisco Collective Security Intelligence ecosystem,” looked specifically into the ransomware known as “Samsam,” which is known to exploit server vulnerabilities as an initial point of compromise. Talos scanned the Internet for vulnerable machines and discovered at least 3.2 million machines at risk.

Digging even deeper, Talos found 2,100 backdoors installed across nearly 1600 IP addresses and began immediately contacting the owners of the infected machines, which include schools, governments, and aviation companies, among others.

Destiny

Even further into the research, Talos discovered that a good number of infected machines had software named “Destiny” installed. But, according to Talos, the company behind Destiny, Follett, has a patching system available that upgrades the software and also works to remove any existing backdoors on the system.

Talos also noted that they would work alongside Follett to analyze the infected files on compromised machines to ultimately recommend the best course of action for all affected servers.

Action recommended

Along with their report detailing their findings in this ransomware investigation, Talos also offered up recommended remediation (http://blog.talosintel.com/2016/04/jboss-backdoor.html) for any company that discovers a compromised server, with detailed steps that should be taken to secure the server and rid it of any threats.

All in all, Talos strongly stressed the importance of software patching, calling it a “key component to software maintenance,” and cautioned against neglecting this critical component as the threat of ransomware grows.
