Critical Veeam RCE Bug Now Used in Frag Ransomware Attacks

Summary

After being previously utilized in the deployment of Akira and Fog ransomware, a severe Remote Code Execution (RCE) vulnerability in Veeam Backup & Replication (VBR) has now been exploited to unleash Frag ransomware.

This elevates the urgency for organizations utilizing VBR software to address this security flaw immediately.

Details of the VBR Security Flaw

In December 2021, a fix was issued by Veeam for their Backup & Replication software to patch a Remote Code Execution vulnerability (CVE-2020-9027).

This flaw, if exploited, could allow unauthenticated attackers to compromise affected systems remotely via RCE, with potential results including the loss of critical data, system disruptions, and unauthorized access to sensitive information.

Unfortunately, security researchers have recently noticed that this vulnerability is being exploited by threat actors to deploy Frag ransomware — an increasingly common form of malware that encrypts victims’ files and demands a ransom for their restoration.

Frag Ransomware Attacks: A Rising Threat

Frag ransomware is making significant strides in the cybersecurity world, with multiple attacks affecting major entities globally.

Its crucial modus operandi involves infiltrating systems through the exploitation of unpatched vulnerabilities, further stressing the importance of timely software updates and patches.

In one notable instance, the targeted entity failed to apply the recommended VBR security patch in time, leading to a successful Frag ransomware attack.

This signifies that in addition to regular patch updates, organizations must adopt a timely, proactive security stance to combat evolving cyber threats.

Preventative Measures

To counter these threats, organizations are recommended to:

• Ensure timely patch updates, especially for critical vulnerabilities.
• Implement multi-factor authentication (MFA) to enhance account security.
• Conduct regular backups of critical data and verify their integrity.
• Install a robust security solution capable of detecting and neutralizing ransomware threats.
• Regularly conduct cybersecurity awareness training for all staff to equip them with knowledge against common attack vectors.

Conclusion

The landscape of cyber threats is evolving, with ransomware variants becoming more sophisticated and debilitating.

Organizations must stay vigilant, proactive, and prepared for potential attacks by adopting a robust security posture.

Follow-Up Reading

• Veeam’s official security patch KB3218 announcement
• Understanding Remote Code Execution – ACSC Guidance
• Ransomware Attack Trends and Response – Securonix Insights