Cisco Researchers Discover Millions of Servers Which Can Spread Ransomware
Although some people will argue the topic of Bitcoin ransomware has been beaten around the bush one time too many, it is important to bring attention to these threats. A new Cisco Systems study shows how 3 million servers are at risk of ransomware infections. When will people and enterprises learn to take cyber security more seriously?
JBoss Enterprise Software Can Spread Ransomware
There is no denying Bitcoin ransomware has become one of the most severe threats computer users have faced in quite some time. To make matters even worse, a lot of servers are running vulnerable – and outdated – software, which gives hackers a ton of security vulnerabilities they can exploit in the future.
Over 2,000 of these servers have already been taken over by hackers, who now exert full control over the machines. As one would come to expect from such an event, any hacker-controlled web server can be infected with ransomware at any given time. But that is not the most worrying part just yet.
As it turns out, the vast majority of these hacker-controlled servers are connected to governments, aviation companies, schools, and various other organizations. Some of the security weaknesses have been fixed already, including a security hole in the Destiny management system, which is often used by schools and libraries.
The biggest culprit seems to be the JBoss software, which has been developed by Red Hat. This enterprise application is of big concern for this looming Bitcoin ransomware attack, as the software puts close to 2 million servers at risk. Moreover, there is no indication all of the security vulnerabilities have been identified, bs Cisco researchers are still continuing their investigation at the time of publication.
Luckily, the Cisco researchers have posted a small guide as to how server owners can identify a breach of their platform. If a webshell has been installed, there is a very likely chance a hacker is in control of the offering right now. Removing all external access to the server would be priority number one, followed by re-imaging the system and installing all possible software updates.
Bitcoin ransomware is a grave threat to computer users all over the world, and infected servers are one of the primary sources for spreading this malware. It is positive to see Cisco researchers identify these critical issues, although the results provided are far more disconcerting than most people assumed.
What are your thoughts on millions of servers being at risk of spreading Bitcoin ransomware? Let us know in the comments below!
Source: Talos Intel
Images courtesy of JBoss, Shutterstock