Ransomware Attacks Surge Due to New Windows Vulnerability Exploit Tool

Apps & Games / Desktop / Windows / Ransomware Attacks Surge Due to New Windows Vulnerability Exploit Tool
13 Jun 2024

A new report released by the Threat Hunter Team at Symantec is raising concerns about attackers associated with the Black Basta ransomware gang potentially taking advantage of a recently patched Windows privilege escalation vulnerability.

Windows Vulnerability Exploited

The vulnerability, known as CVE-2024-26169, affects the Windows Error Reporting Service and could allow an attacker to elevate their privileges. Although Microsoft Corp. released a patch for the vulnerability in March and initially reported no evidence of exploitation, recent findings suggest otherwise.

Symantec’s researchers discovered evidence of an exploit tool used in recent attacks that may have been developed before the patch was released, indicating possible zero-day exploitation. While these attacks were not successful, they closely resembled the tactics used by Black Basta, including the use of batch scripts posing as software updates.

Expert Opinions

Jim Routh, chief trust officer at Saviynt Inc., emphasized the importance of addressing privilege escalation vulnerabilities in Windows to prevent ransomware attacks from compromising data security. Callie Guenther, senior manager of cyber threat research at Critical Start Inc., highlighted the evolving tactics of ransomware groups and the need for comprehensive threat intelligence and monitoring.

Image: Needpix

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU

Update: 13 Jun 2024