Citrix Server, which allows centrally hosted applications to be delivered to mobile and desktop clients, has been found vulnerable to cyber-attacks which, when exploited by hackers, can lead to ransomware infections and bitcoin mining.

Citrix has, however, released a patch last week for the CVE-2019-19781 bug affecting its Application Delivery Controller (ADC) systems and Gateways, in the hope that all its users will patch their systems to keep their servers safe from malware attacks.

Security researchers from FireEye have warned that attackers are exploring the flaw and are succeeding in deploying a backdoor named "NotRobin", which then lets them install malware such as coin miners and file-encrypting malware.

German automobile spare parts manufacturer Gedia reportedly became a victim of a ransomware attack last week through the Citrix vulnerability, alerting manufacturing companies all over the world. This was confirmed by the researchers from FireEye early today.

FireEye confirms that a new vector for infecting enterprise victims with malware has emerged through the Citrix vulnerability and that, in some cases, the servers were being infected by a new ransomware variant named "Ragnarok", which appears to have been created in mid-January this year to use the Gateway to deploy ransomware via a central pivot point. The hackers are seen demanding a ransom of 1 BTC to decrypt one machine or 5 BTC/$43,000 to decrypt all machines.

Researchers claim that 4-5 hacking groups are currently trying to exploit the Citrix flaw in ransomware attacks and might have succeeded in infiltrating 2-3 companies (including GEDIA) by now.

Note: GEDIA has yet to endorse the news that it was hit by a ransomware attack. However, officials of the German manufacturer did release a press statement on Thursday last week saying their systems were experiencing downtime due to a cyber attack.