- Unpatched Fortigate VPN servers have another problem: “cring”.
- This is a new strain of RSA encryption ransomware that is actively being developed by its authors.
- The actors demand that the victims pay 2 Bitcoin for the decryption key.
Another attack vector has been added the abundance This affects vulnerable Fortigate VPN servers, one of the most targeted VPN products of the past year. As in a report from KasperskyActors look for unpatched Fortigate VPN products or even buy IP address lists compiled by others.
Next, they establish presence and try to steal credentials using the Mimikatz utility. Cobalt Strike is then used to help compromise the administrator account and give actors the opportunity to move sideways in the endangered network. Finally, when all valuables have been exfiltrated and the reconnaissance operation is over, the actors run a new type of ransomware called “Cring” to …