Cisco Talos announced in a blog post Friday that 3.2 million machines globally are at risk of a Samsam ransomware attack. Cisco Talos claims the systems are at risk because they run unpatched versions of JBoss.
Cisco’s IR Services Team received information about the attack from a recent customer engagement and began examining the JBoss vectors used as the initial compromise point. The team scanned the Internet for vulnerable machines and uncovered about 3.2 million machines at risk.
The teams also scanned for machines that were already compromised and waiting for a ransomware payload, and discovered more than 2,100 backdoors installed across about 1,600 IP addresses.
Cisco Talos has been advising [...]