Cring-Ransomware

RELATED IOCs, MITIGATION STEPS AND REFERENCE LINKS

**Common Vulnerabilities and Exposures (CVE) ** (CVE-2018-13379 )Fortinet FortiOS, (CVE-2010-2861)-Adobe ColdFusion flaw

IOCs(Indicators of compromise)

SHA-256

f7d270ca0f2b4d21830787431f881cd004b2eb102cc3048c6b4d69cb775511c8

e687308cd4184e17c33fa9e44686e7d6a4d73adf65f7fb3cac9c4ad765b4ffdf

771a680f9a09a7a73ac2678f31f4d82fce49c046cc5f4c415cea5310b833911f

71821ddb0b49f5b91fc520ca3de1c5ea7cee3bf166ddebd625859966fc5221a2

a999e096a9fb6a994f4d58b04001c61bb2d1fd0d4f0fa87a5be0b61b23591f24

MITIGATION

— Software and firmware of any VPN gateways should be updated to the latest version

— Endpoint security solutions should be updated to the latest versions, with all recommended modules enabled

— Enforce organisation-wide RBAC policies and procedures

— Restrict VPN access between facilities and limit open ports to only those needed

— Store backups on a secure dedicated server

— Regularly test backup are working as expected

— Adopting Endpoint Detect and Response (EDR) and SIEM security solutions in both your IT and OT networks offers additional layers of protection and enables a proactive approach to cyber threats.

**Reference link: **

1. https://threatpost.com/hackers-exploit-flaw-cring-ransomware/165300/

2. https://www.trendmicro.com/en_us/research/21/i/examining-the-cring-ransomware-techniques.html?utm_source=sociabbleapp&utm_medium=social&utm_campaign=none&utm_term=Bp5TsYvJ3oZg&socid=Bp5TsYvJ3oZg

3. https://www.zdnet.com/article/cring-ransomware-continues-assault-on-coldfusion-servers-vpns/

4. https://usa.kaspersky.com/about/press-releases/2021_na-cring-ransomware-infects-industrial-targets-through-vulnerability-in-vpn-servers

5. https://www.darkreading.com/careers-and-people/hacking-on-tv-8-binge-worthy-and-cringe-worthy-examples

6. https://www.securityweek.com/cring-ransomware-targets-industrial-organizations

7. https://thehackernews.com/2021/09/cring-ransomware-gang-exploits-11-year.html