
Cisco: ransomware that was plaguing hospitals now moving to schools

April 19, 2016

Cisco warned earlier today that the so-called 'SamSam' ransomware that has been plaguing U.S. hospitals is now moving into schools, thousands of which have already been infected.

Cisco's 'Talos Security Team' has investigated SamSam infections among various clients and now estimates that about 3.2 million servers running JBoss are at risk of infection by the ransomware due to poor security patching practices.

The JBoss security flaw used by SamSam was patched years ago, but there are plenty of applications that still use older versions that haven't had the security flaw fixed.

Some third-party apps require older JBoss builds, and one such piece of software – Follett Learning's Destiny library management software used in U.S. schools – is getting hit hard, Cisco asserted.

The research team found no fewer than 2,100 backdoors installed across nearly 1,600 IP addresses, backdoors that can allow the introduction of malware code.

Cisco said Follett Learning's technical team has instituted an "impressive" patching round that should sort out the issue, but that system admins still need to be on alert.

"Based on our internal security monitoring systems, Follett identified the issue and immediately took actions to address and close the security vulnerability on behalf of our customers," Follett said in a statement.

Schools are a logical target for attack by online extortionists. Not only do they store lots of juicy information, but decades of underfunding have left them with poor IT systems that are riddled with hundreds of security flaws.

Multiple backdoors have already been detected, including "mela," "shellinvoker," "jbossinvoker," "zecmd," "cmd," "genesis," "sh3ll" and possibly "Inovkermngrt" and "jbot." The list is quite extensive.

Cisco recommends disconnecting any possibly infected servers from external connections upon discovery, to block any new code from being introduced.

The contents should then be transferred over to a new device with updated and patched applications.
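
A triage sketch for the backdoor names listed above, added here as an example and not taken from Cisco or Follett: it walks a directory tree and flags web artifacts (files, exploded WAR directories, and entries inside packed WARs) named after a listed backdoor. The `.war`/`.jsp`/`.jspx` extensions and the `deploy` directory layout are assumptions; the article gives only the names.

```python
import os
import tempfile
import zipfile

# Backdoor names quoted in the article (the last two are listed there as "possibly").
BACKDOOR_NAMES = {"mela", "shellinvoker", "jbossinvoker", "zecmd", "cmd",
                  "genesis", "sh3ll", "inovkermngrt", "jbot"}
# Assumption: backdoors show up as deployed web artifacts with these extensions.
WEB_EXTS = {".war", ".jsp", ".jspx"}


def is_listed(path):
    """True if the last path component is <listed name><web extension>."""
    stem, ext = os.path.splitext(os.path.basename(path.rstrip("/")).lower())
    return stem in BACKDOOR_NAMES and ext in WEB_EXTS


def scan(root):
    """Return sorted paths under root that need manual review."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:  # exploded WARs are directories
            full = os.path.join(dirpath, name)
            if is_listed(name):
                hits.append(full)
            elif name.lower().endswith(".war") and zipfile.is_zipfile(full):
                # Packed WAR with an innocuous name: check the entries inside.
                with zipfile.ZipFile(full) as war:
                    hits += [f"{full}!{e}" for e in war.namelist() if is_listed(e)]
    return sorted(hits)


def demo():
    """Build a constructed deployment tree (sample data) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        deploy = os.path.join(root, "deploy")  # hypothetical layout
        os.makedirs(os.path.join(deploy, "jbossinvoker.war"))  # exploded WAR
        open(os.path.join(deploy, "library-app.war"), "wb").close()  # not a zip
        with zipfile.ZipFile(os.path.join(deploy, "reports.war"), "w") as war:
            war.writestr("index.jsp", "ok")
            war.writestr("admin/zecmd.jsp", "constructed placeholder")
        return [os.path.relpath(h, root).replace(os.sep, "/") for h in scan(root)]


if __name__ == "__main__":
    print("\n".join(demo()))
```

A hit is a lead for review, not proof of compromise: short names such as "cmd" can collide with legitimate files, and a renamed backdoor will not match at all.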

"Security patching is a key component to software maintenance. It is neglected by both users and makers of the software far too often," the Talos team asserted.

"Failures anywhere along the chain will ensure that this type of attack remains successful for the hackers involved. With the addition of ransomware, the potential security impacts could be devastating for small and large businesses alike," Cisco warned.

Source: Cisco.
