How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants
https://arstechnica.com/information-technology/2021/04/ransomware-shuts-down-production-at-two-manufacturing-plants/
Ransomware operators shut down two production facilities belonging to a European manufacturer after deploying a relatively new strain that encrypted servers that control manufacturer's industrial processes, a researcher from Kaspersky Lab said on Wednesday.
The ransomware known as Cring came to public attention in a January blog post. It takes hold of networks by exploiting long-patched vulnerabilities in VPNs sold by Fortinet. Tracked as CVE-2018-13379, the directory transversal vulnerability allows unauthenticated attackers to obtain a session file that contains the username and plaintext password for the VPN.
How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants
Apr 7, 2021, 11:20pm UTC
https://arstechnica.com/information-technology/2021/04/ransomware-shuts-down-production-at-two-manufacturing-plants/
> Ransomware operators shut down two production facilities belonging to a European manufacturer after deploying a relatively new strain that encrypted servers that control manufacturer's industrial processes, a researcher from Kaspersky Lab said on Wednesday.
> The ransomware known as Cring came to public attention in a January blog post. It takes hold of networks by exploiting long-patched vulnerabilities in VPNs sold by Fortinet. Tracked as CVE-2018-13379, the directory transversal vulnerability allows unauthenticated attackers to obtain a session file that contains the username and plaintext password for the VPN.