Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware

Threat actors are exploiting a now-patched vulnerability in Veeam Backup & Replication (CVE-2024-40711) to deploy Akira and Fog ransomware. Using compromised VPN credentials, attackers create local accounts and spread ransomware, targeting enterprise backup systems. The flaw, rated 9.8 on the CVSS scale, enables remote code execution and was patched in September 2024.

CVE-2024-40711, a critical flaw in Veeam Backup & Replication, allows unauthenticated remote code execution.
Exploited through compromised VPN gateways without multifactor authentication and outdated software versions.
Attackers deployed Akira and Fog ransomware, with one case involving Hyper-V servers and rclone for data exfiltration.
A new variant linked to INC ransomware, Lynx ransomware, has been active since July 2024, targeting various sectors.
Trinity and MedusaLocker variants like BabyLockerKZ are being observed, exploiting phishing emails and software vulnerabilities.

Organizations should patch critical vulnerabilities, enforce multifactor authentication, and update unsupported software versions to safeguard against the exploitation of flaws like CVE-2024-40711, which attackers are using to target enterprise backup systems and deploy ransomware.

Sharing is caring!
Share

Tweet LinkedIn