The computer networks of a Canadian college and a global investment firm were compromised with ransomware after hackers broke in through Fortinet virtual private network (VPN) devices. The incident was discovered by security researchers from eSentire in October 2022, but, for reasons not given, they made the information public only in Jan 2023.
eSentire's Threat Response Unit (TRU) stated that the attack on the Fortinet devices took place through a bypass vulnerability tracked as CVE-2022-40684.
Though Fortinet, which sells security solutions such as firewalls and antivirus products, has fixed the flaw, the fix appears to have come too late, as hackers are buying and selling details of compromised devices on some hacking forums.
eSentire TRU named the newly found ransomware Kalaja-Tomorr, or Kalajatomorr. It emerged in March 2022 and targets only English-speaking companies. Albania seems to be the birthplace of Kalajatomorr, which was developed with the AES+RSA algorithm that is hard to break and decrypt.
As of now, the group is charging a hefty fee for a decryption key and specializes in transforming itself into a data wiper.
Microsoft's threat intelligence unit is already after the group and is said to be offering a decryption key for Kalajatomorr soon.
NOTE: According to a report compiled by the FBI after a detailed study, around 316 ransomware variants come into operation every year, a trend observed since 2018. However, only 9-10 of them get into the public eye with their deeds, and the rest either lose their sheen or survive on mere $15 to $2k ransom payments made with volatile cryptocurrencies such as BTC.
The post Ransomware being spread through Fortinet VPN Devices appeared first on Cybersecurity Insiders.