PSAUX Ransomware Mass Attack Exploits Critical CyberPanel Flaw, Taking Over 22,000 Servers Offline

A large-scale ransomware campaign targeting over 22,000 CyberPanel instances has leveraged a critical remote code execution vulnerability to infiltrate servers and encrypt files. The ransomware, known as PSAUX, exploits authentication flaws, command injection vulnerabilities, and security filter bypasses in CyberPanel version 2.3.6, leading to mass outages and compromised data security.

CyberPanel Vulnerabilities:

  • CyberPanel 2.3.6 and possibly 2.3.7 have exploitable security flaws, including defective authentication, command injection, and security filter bypass.
  • The flaws enable remote root access and allow attackers to bypass security controls, making servers vulnerable to ransomware and unauthorized access.

Exploit Mechanics:

  • The PSAUX ransomware encrypts files on the compromised servers by generating unique AES keys for each attack.
  • Ransom notes are placed throughout the server, and the encryption keys are stored in protected form, making decryption difficult without the attacker’s RSA key.

Global Impact:

  • Over 22,000 CyberPanel servers were targeted, with significant exposure in the United States. These instances managed around 152,000 domains and databases.
  • The attack was reported by security researchers and prompted immediate action to limit further exploitation and data loss.

LeakIX Decryptor:

  • LeakIX released a decryptor for PSAUX ransomware, which may assist affected users in recovering encrypted files. However, the use of incorrect decryption keys risks data corruption.

Urgent Security Update:

  • CyberPanel users are advised to update their installations via GitHub to patch the vulnerabilities and avoid further attacks. CyberPanel developers have committed a fix, though an official update is pending.

The PSAUX ransomware attack underscores the dangers of unpatched software and the critical need for timely security updates. As ransomware tactics grow increasingly complex, it is essential for organizations to secure server applications and regularly monitor for vulnerabilities. For CyberPanel users, updating to the latest patch from GitHub is vital to prevent unauthorized access.

To safeguard against ransomware and similar cyber threats, Net Protector Cyber Security offers comprehensive solutions, including NPAV Ransomware Protection, Endpoint Security, and Data Loss Prevention tools. These solutions deliver advanced threat detection, file integrity monitoring, and real-time response to mitigate risks from vulnerabilities and unauthorized exploits.