
More LockBit-based ransomware strains set sights on prevalent bugs

Widely known security vulnerabilities have been increasingly targeted by ransomware strains based on the leaked toolkit of the LockBit ransomware operation, reports The Record, a news site by cybersecurity firm Recorded Future. After reporting that vulnerable WS_FTP servers impacted by the CVE-2023-40044 flaw were targeted by Reichsadler Cybercrime Group with a payload based on exposed LockBit source code, Sophos researchers discovered that old Adobe ColdFusion servers have also been subjected to attacks with a LockBit knockoff by the BlackDogs2023 ransomware. "It's entirely possible that other copycats will emerge, which is why it's essential for organizations to prioritize patching and upgrading from unsupported software whenever possible. However, it's important to note that patching only closes the hole. With things like unprotected ColdFusion servers and WS_FTP, companies need to also check to make sure none of their servers are already compromised, otherwise, they're still at risk of these attacks," said Sophos Principal Threat Researcher Sean Gallagher.
