JBoss Vulnerability Could Lead to SamSam Ransomware
Researchers at Cisco Talos found a vulnerability in JBoss that can be exploited by SamSam ransomware. Cisco Talos said in a blog post, “As part of this investigation, we scanned for machines that were already compromised and potentially waiting for a ransomware payload. We found just over 2,100 backdoors installed across nearly 1600 IP addresses.” The research firm says they estimate over 3.2 million machines are at risk.
SamSam is distributed through compromised servers and then holds victim systems for ransom. Attackers are using the JexBoss open source tool to test and then exploit JBoss application servers. Once they gain access to the network, they start encrypting Windows systems using SamSam.
Cisco Talos suggests that if your server is vulnerable, the first piece of advice is to remove external access to the server. “Ideally, you would also re-image the system and install updated versions of the software,” the firm said in the blog post.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.