Ransomware, Vulnerability Management

Thousands of vulnerable CyberPanel instances taken down in PSAUX ransomware attack

Share

BleepingComputer reports that almost all of the 21,761 internet-exposed CyberPanel instances impacted by a critical remote code execution flaw have been disrupted following a massive PSAUX ransomware attack.

Most of the vulnerable CyberPanel implementations, which could be taken over using the security issue, were in the U.S., followed by Germany, Singapore, Indonesia, and India, according to threat intelligence search engine LeakIX. Attacks conducted as part of the campaign involved a pair of scripts, with one for CyberPanel bug exploitation and the other for file encryption. However, PSAUX's file encryption script had a weakness that enabled LeakIX to develop a decryptor for files compromised by the ransomware. Organizations with affected CyberPanel instances have been urged to immediately download the latest version of the software from GitHub that resolves the RCE, which is yet to be given a Common Vulnerabilities and Exposures designation.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.