
Ransomware operators shut down two production facilities belonging to a European manufacturer after deploying a relatively new strain that encrypted servers that control a manufacturer's industrial processes, a researcher from Kaspersky Lab said on Wednesday.

The ransomware, known as Cring, came to public attention in a January blog post. It takes hold of networks by exploiting long-patched vulnerabilities in VPNs sold by Fortinet. Tracked as CVE-2018-13379, the directory traversal vulnerability allows unauthenticated attackers to obtain a session file that contains the username and plaintext password for the VPN.

With an initial toehold, a live Cring operator performs reconnaissance and uses a customized version of the Mimikatz tool in an attempt to extract domain administrator credentials stored in server memory. Eventually, the attackers use the Cobalt Strike framework to install Cring. To mask the attack in progress, the hackers disguise the installation files as security software from Kaspersky Lab or other providers.

Once installed, the ransomware locks up data using 256-bit AES encryption and encrypts the key using an RSA-8192 public key hardcoded into the ransomware. A note left behind demands two bitcoins in exchange for the AES key that will unlock the data.

In the first quarter of this year, Cring infected an unnamed manufacturer in Germany, Vyacheslav Kopeytsev, a member of Kaspersky Lab’s ICS CERT team, said in an email. The infection spread to a server hosting databases that were required for the manufacturer’s production line. As a result, processes were temporarily shut down inside two Italy-based facilities operated by the manufacturer.
