Critical Veeam RCE Vulnerability Exploited in New Frag Ransomware Attacks

💥 Black Friday & Cyber Monday Alert! Get 50% OFF on WireTor Pentest Services 💥

A critical Veeam Backup & Replication (VBR) flaw, CVE-2024–40711 has become a key target for ransomware gangs. Recently, threat actors deployed the new Frag ransomware using this exploit, following similar attacks by Akira and Fog ransomware. The vulnerability arises from a deserialization weakness that allows Remote Code Execution (RCE), which attackers can use to infiltrate unpatched Veeam VBR servers.

🚨 Threat Actors and Ransomware Impact Sophos X-Ops reported that the STAC 5881 threat cluster exploited this vulnerability, accessing networks through compromised VPN credentials and creating rogue accounts on targeted servers. The Frag ransomware playbook is similar to Akira and Fog, capitalizing on unpatched systems and targeting misconfigurations in backup solutions like Veeam, which is used by 550,000+ customers globally.

September 4, 2024: Veeam issued a security update.September 15, 2024: The PoC exploit was released after a temporary delay to allow updates.Current Impact: Despite these updates, ransomware operators rapidly deployed Frag, targeting the RCE flaw.Patch Immediately: Apply Veeam’s latest patches to reduce vulnerability.Restrict Access: Isolate Veeam servers from public internet access.Enhance Monitoring: Implement ongoing security monitoring and response capabilities to detect unauthorized access or modifications.

For organizations aiming to prevent security breaches, WireTor offers cutting-edge pentest services, covering areas like networks, web applications, and cloud infrastructure. This Black Friday and Cyber Monday, get 50% off on pen-testing to secure your business against evolving threats.

💡 Take Action: Safeguard your data and secure your systems with WireTor Pentest Services. Don’t leave vulnerabilities unchecked, especially during holiday sales where threats often escalate.

Follow WireTor on LinkedIn for the latest cybersecurity insights and proactive steps to protect your organization.