After first surfacing earlier this year, the Cring ransomware organization has continued to make a name for itself by targeting older ColdFusion servers and VPNs. What makes Cring noteworthy, according to experts like Sean Nikkel of Digital Shadows, is that it has so far tended to concentrate on leveraging older vulnerabilities in its attacks.
In a recent incident, Cring operators targeted end-of-life Microsoft and Adobe apps by exploiting a two-year-old FortiGate VPN vulnerability. This should serve as a wake-up call to all process owners who are running out-of-date or otherwise unsupported systems that are connected to the internet, Nikkel stated.
While Cring operators have used Mimikatz to obtain access to systems, there has also been evidence of their use of native Windows processes, which might be mistaken for otherwise legitimate activity. This makes it more difficult for network hunters and defenders to detect malicious activity until it’s too late.
Cring is far from the first, and will not be the last, criminal organization to use the strategy of exploiting an unpatched vulnerability and encrypting data, according to Vishnyakov. A sequence of successful penetrations that produce infections is particularly harmful. These attacks may result not only in blackmail and financial penalties but also in accidents and death.