Cring Ransomware Group makes headlines again with a new hit. Worn-out ColdFusion servers and VPNs: the new targets.
Cring Ransomware Group: Short Background
In April 2021, we wrote about how a new ransomware dubbed Cring was exploiting CVE-2018-13379, a flaw located in Fortinet VPNs. The activity was traced back to January, when it first became noticeable. Its operators used PowerShell scripts to decipher the payload and the Mimikatz utility to steal credentials.
In a previous incident, Cring operators exploited a two-year-old FortiGate VPN vulnerability to target end-of-life Microsoft and Adobe applications. This should be a wake-up call for system owners everywhere who are using end-of-life or otherwise unsupported systems that are exposed to the internet at large. (…) While Cring has operators that have used Mimikatz on systems to gain credentials, there’s also evidence of native Windows process usage, which potentially blends in with otherwise legitimate activity.
Cring Ransomware Group Abuses Adobe ColdFusion
Back in September this year, Sophos researchers published a report explaining how Cring ransomware was used to target a flaw located in Adobe ColdFusion 9. The installation in question was no less than 11 years old, being an