Cisco’s Talos announced in a blog post Friday that 3.2 million machines globally are at risk of a Samsam ransomware attack. Cisco Talos claims the systems are at risk because they run unpatched versions of JBoss.
Cisco’s IR Services Team received information about the attack from a recent customer engagement and began examining the JBoss vectors used as the initial compromise point. The team scanned the Internet for vulnerable machines and uncovered about 3.2 million machines at risk.
The teams scanned machines that were already compromised and waiting for a ransomware payload, and discovered more than 2,100 backdoors installed on about 1,600 IP addresses.
Cisco Talos has been advising [...]
Cisco Talos managed to disrupt a major ransomware campaign that researchers believe netted a hacker more than $30 million per year. The team determined that the Angler Exploit Kit used proxy servers of service provider Limestone Networks, with the primary threat actor responsible for up to 50 percent of Angler Exploit Kit activity, according to a report on the Talos website. The attackers targeted as many as 90,000 victims per day.
Talos gained visibility into the network’s global activity through a collaboration with Level 3 Threat Research Labs. Thanks to this collaboration, the researchers were able to gain visibility into the attackers’ domain activity, Talos [...]