Today there are many threats that we can find on the web. Many types of malware that can compromise the security of our devices. This means that we must exercise extreme caution when surfing the Internet. One of the threats that have grown the most in recent times is ransomware. Today we are going to echo how the REvil ransomware now targets VPN servers Pulse Secure , which is one of the most popular.
REvil ransomware points to Pulse Secure VPN servers
There are many ransomware that have affected users in recent years. As we know it is a threat that aims to encrypt the victims’ equipment and request an economic rescue in return. A way to profit at the expense of victims, who can be private users or companies.
One of these most dangerous ransomware is REvil or also known as Sodinokibi. Now a group of security researchers has discovered that REvil ransomware is targeting the Pulse Secure VPN servers. It is, as we have mentioned, a widely used VPN service.
However, these same researchers have indicated that the ransomware attacks servers that have unpatched vulnerabilities . They can disable the antivirus and go unnoticed to carry out their attacks without being detected. This means that private users and organizations need to install patches to correct these vulnerabilities.
They report that hackers can use the Shodan.io search engine to search and identify vulnerable VPN servers.
Allows attacks remotely
We are facing an important vulnerability that would allow a possible cybercriminal to carry out attacks remotely, without having to use valid credentials, and thus connect to a corporate network, disable multifactor authentication and remotely access the records and passwords stored in plain text cache.
The group of researchers who have carried out this discovery have indicated that they detected almost 4,000 Pulse Secure VPN servers that were not patched correctly.
Once again we are looking at an example of the importance of keeping our equipment and systems updated. On many occasions vulnerabilities arise that can be exploited by hackers to carry out their threats and attacks. These security problems can be easily corrected since it is normal for developers to release security patches and updates.
It should be mentioned that this is something that we must apply regardless of the type of device or operating system we use. It does not matter if we are facing a computer, mobile or any IoT device, even if we do not use it normally. The fact that it has vulnerabilities can cause cybercriminals to enter our network and affect a large number of connected devices. Therefore, we always recommend installing the latest security patches and always keeping all the equipment that we have connected to the network updated and thus preserving privacy and security.
