Citrix Server Vulnerability leads to Ransomware Attack


Citrix Server, which allows centrally hosted applications to be delivered to mobile and desktop clients, has been found vulnerable to cyber-attacks which, when exploited by hackers, can lead to ransomware infections and bitcoin mining.

 


Citrix has, however, released a patch last week for the CVE-2019-19781 bug affecting its Application Delivery Controller (ADC) systems and Gateways, in the hope that all its users will patch their systems to keep their servers safe from malware attacks.

 

Security researchers from FireEye have warned that attackers are exploring the flaw and are succeeding in deploying a backdoor named “NotRobin”, which then leads them to install malware such as coin miners and file-encrypting malware.

 

German automobile spare parts manufacturer Gedia reportedly became a victim of a ransomware attack last week through the Citrix vulnerability, alerting manufacturing companies all over the world. This was confirmed by researchers from FireEye early today.

 

FireEye confirms that a new vector for infecting enterprise victims with malware has emerged through the Citrix vulnerability and that, in some cases, servers were being infected by a new ransomware variant named “Ragnarok”, which appears to have been created in mid-January this year to use the Gateway to deploy ransomware via a central pivot point. The hackers are seen demanding a ransom of 1 BTC to decrypt one machine, or 5 BTC ($43,000) to decrypt all machines.

 

Researchers claim that 4-5 hacking groups are currently trying to exploit the Citrix flaw in ransomware attacks and might have succeeded in infiltrating 2-3 companies (including GEDIA) by now.

 

Note: GEDIA has yet to endorse the news that it was hit by a ransomware attack. However, officials of the German manufacturer did release a press statement on Thursday last week saying their systems were experiencing downtime due to a cyber attack.