European Enterprises mainly involved in manufacturing are being targeted by a new strain of Ransomware dubbed as Cring and confirmed sources say that the malware is being spread by exploitation of Fortinet VPN Vulnerability.
Security researchers from Kaspersky have found evidence that the file encrypting malware has disrupted at least two of the industrial process by encrypting servers related to control and management of the manufacturing equipment.
Therefore, with the arrival of Cring the malware has been added to the list of dominant ransomware strains that are existing in the cyber landscape such as REvil, Ryuk, Maze and Conti. And the highlight of this strain is that it also has the potential to destroy backup files that can otherwise be used to retrieve data without paying a ransom.
Kaspersky says that the attack could have been launched long back to test the vulnerable connections existing in the VPN Gateway. And then based on the software capable of scanning IP address, the hackers found a list of vulnerable Fortinet VPN Gateway devices.
Note- In January 2021, FBI and US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert that some APT groups were seen exploiting Fortinet FortiOS Vulnerabilities leading to compromise of Information Technology Infrastructure in several government and commercial entities. FortiOS is an operating system that helps protect endpoints, cloud deployments, and centralized networks along with enterprise security. There were some flaws existing in this framework, however, Fortinet issued fix in time that needs to be applied by administrators.