Security teams have been advised that a maximum severity vulnerability in unpatched WS_FTP servers from Progress Software have been targeted in ransomware attacks.
In an advisory posted by Sophos X-Ops, the researchers said that even though Progress Software released a fix for this bug last month, not all the servers have been patched yet.
“The ransomware actors didn’t wait too long to abuse the recently reported vulnerability in WS_FTP Server software,” said the Sophos X-Ops researchers
The Sophos researchers said the threat actors, self-described as the Reichsadler Cybercrime Group, attempted unsuccessfully to deploy ransomware payloads created using a LockBit 3.0 builder reportedly stolen in September 2022.
News of the flaw in the WS_FTP software broke earlier this month, when SC Media reported that threat actors could leverage the maximum severity flaw, tracked as CVE-2023-40044, to facilitate remote command execution. Another critical vulnerability, tracked as CVE-2023-42657, could be exploited to enable file operations outside the permitted folder path.
The WS_FTP server’s recent vulnerability presents a severe threat landscape because of its inherent nature, which…
