RELATED IOCs, MITIGATION STEPS AND REFERENCE LINKS
**Common Vulnerabilities and Exposures (CVE):** CVE-2018-13379 (Fortinet FortiOS), CVE-2010-2861 (Adobe ColdFusion flaw)
IOCs (Indicators of Compromise)
SHA-256
MITIGATION
— Software and firmware of any VPN gateways should be updated to the latest version
— Endpoint security solutions should be updated to the latest versions, with all recommended modules enabled
— Enforce organisation-wide RBAC policies and procedures
— Restrict VPN access between facilities and limit open ports to only those needed
— Store backups on a secure dedicated server
— Regularly test that backups are working as expected
— Adopting Endpoint Detection and Response (EDR) and SIEM security solutions in both your IT and OT networks offers additional layers of protection and enables a proactive approach to cyber threats.
**Reference links:**
- https://threatpost.com/hackers-exploit-flaw-cring-ransomware/165300/
- https://www.zdnet.com/article/cring-ransomware-continues-assault-on-coldfusion-servers-vpns/
- https://www.securityweek.com/cring-ransomware-targets-industrial-organizations
- https://thehackernews.com/2021/09/cring-ransomware-gang-exploits-11-year.html