• Thousands of CyberPanel instances taken offline in massive ransom

    From TechnologyDaily@1337:1/100 to All on Wednesday, October 30, 2024 13:15:05
    Thousands of CyberPanel instances taken offline in massive ransomware attack

    Date:
    Wed, 30 Oct 2024 13:04:00 +0000

    Description:
    As soon as flaws were spotted, hackers moved in, installing ransomware on
    tens of thousands of endpoints.

    FULL STORY ======================================================================

    Cybercriminals have taken advantage of multiple vulnerabilities in CyberPanel to install ransomware and force tens of thousands of instances offline. Victims might be in luck though, since a decryption key appears to be available.

    A cybersecurity researcher alias DreyAnd has announced finding three major vulnerabilities in CyberPanel 2.3.6, and possibly 2.3.7, which allowed for remote code execution, and arbitrary system commands execution.

    They even published a proof-of-concept (PoC) to demonstrate how to take over
    a vulnerable server. Decrypting the ransomware

    CyberPanel is an open source web hosting control panel that simplifies the management of web servers and websites. It was built upon LiteSpeed, and allows users to manage websites, databases, domains, and emails. CyberPanel
    is especially popular for its integration with LiteSpeeds OpenLiteSpeed
    server and LSCache, which enhance website speed and performance.

    This prompted CyberPanels developers to issue a fix and post it on GitHub. Whoever downloads CyberPanel from GitHub, or upgrades an existing version, will get the fix. However, the tool did not get a new version, and the vulnerabilities were not assigned a CVE.

    As reported by BleepingComputer , there were more than 21,000 internet-connected and vulnerable endpoints out there, roughly half of which were located in the US. Soon after the PoC was published, the number of visible instances dropped to mere hundreds. Some researchers confirmed that threat actors deployed the PSAUX ransomware variant, forcing the devices offline. Apparently, more than a hundred thousand domains and databases were managed through CyberPanel.

    The PSAUX ransomware was named after a common Linux process, and targets Linux-based systems. It leverages advanced techniques to avoid detection and ensure persistence, making it particularly dangerous for businesses and organizations running critical applications on Linux servers.

    However, the publication later added that a security researcher alias LeakIX released a decryptor that can reverse the damage done by the attack. Still,
    if the attackers used a different encryption key, trying to decrypt it could corrupt the data, so creating a backup before trying the decryption is advised. More from TechRadar Pro Ransomware crew pose as Microsoft Teams IT support to steal logins and passwords Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/thousands-of-cyberpanel-instances-taken -offline-in-massive-ransomware-attack


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)