Ransomware trifft Webhosting-Server über anfällige CyberPanel-Instanzen

A threat actor – or possibly several – has hit approximately 22,000 vulnerable instances of CyberPanel and encrypted files on the servers running it with the PSAUX and other ransomware.

The CyberPanel vulnerabilities

CyberPanel is a widely used open-source control panel that’s used for managing servers used for hosting websites.

Two critical command injection vulnerabilities (CVE-2024-51378 and CVE-2024-51567) affecting CyberPanel versions 2.3.6 and (unpatched) 2.3.7 have been publicly documented earlier this week by the security researchers – refr4g und DreyAnd – who unearthed and reported them.

The posts were made public just a few days after the panel’s maintainers committed fixes for the two very similar flaws, which allow attackers to bypass authentication requirements and remotely execute arbitrary commands on the server.

The CyberPanel maintainers announced the release of the security patches, but they did not issue a newer version of the software nor assigned CVE numbers to the flaws at that time. The latest CyberPanel version is v2.3.7 and is, as noted earlier, vulnerable if the fixes haven’t been applied by using the upgrade function.

Unfortunately, multiple ransomware groups were quick to jump at the opportunity to exploit one or both vulnerabilities.

According to cybersecurity company LeakIX, on Monday there were nearly 22,000 vulnerable CyberPanel instances exposed online, and on Tuesday that number fell to around 400.

“Looks like someone took some liberty and wiped 20k CyberPanel instances as they all started responding 500s,” the company said.

PSAUX decryptor available

Users that have been hit by the threat actors are searching for answers on CyberPanel’s community forum.

LeakIX has created a decryptor for those who have been hit with the ransomware that appends the .psaux extension to the encrypted files.

“We don’t know if there are multiple groups competing or if they changed their script [to add the .encryp and .locked extensions instead of .psaux],” LeakIX CTO Gregory Boddin says.

The situation is evolving quickly, and we’ll update this article when we know more.

Zeljka Zorz

Kommentar verfassen Kommentieren abbrechen

London, GB

10:50 am, Feb. 2, 2025

5°C

L: 3° | H: 6°

Fühlt sich an wie 2°C° klarer Himmel

Luftfeuchtigkeit: 85 %

Druck: 1023 mb

Wind: 8 mph SE

Windböe: 8 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 4%

Regen Chance: 0%

Sichtbarkeit: 10 km

Sonnenaufgang: 7:37 am

Sonnenuntergang: 4:51 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Today 9:00 pm

3° | 6°°C 0 mm 0% 7 mph 85 % 1025 mb 0 mm/h

Tomorrow 9:00 pm

3° | 9°°C 0 mm 0% 8 mph 91 % 1025 mb 0 mm/h

Di. Feb. 04 9:00 pm

6° | 9°°C 1 mm 100% 13 mph 93 % 1026 mb 0 mm/h

Mi. Feb. 05 9:00 pm

4° | 7°°C 0 mm 0% 10 mph 86 % 1045 mb 0 mm/h

Do. Feb. 06 9:00 pm

2° | 8°°C 0 mm 0% 8 mph 86 % 1045 mb 0 mm/h

Today 12:00 pm

5° | 7°°C 0 mm 0% 7 mph 85 % 1023 mb 0 mm/h

Today 3:00 pm

6° | 8°°C 0 mm 0% 7 mph 75 % 1023 mb 0 mm/h

Today 6:00 pm

5° | 5°°C 0 mm 0% 4 mph 77 % 1023 mb 0 mm/h

Today 9:00 pm

4° | 4°°C 0 mm 0% 4 mph 79 % 1025 mb 0 mm/h

Tomorrow 12:00 am

3° | 3°°C 0 mm 0% 4 mph 79 % 1025 mb 0 mm/h

Tomorrow 3:00 am

3° | 3°°C 0 mm 0% 4 mph 86 % 1025 mb 0 mm/h

Tomorrow 6:00 am

4° | 4°°C 0 mm 0% 4 mph 86 % 1025 mb 0 mm/h

Tomorrow 9:00 am

5° | 5°°C 0 mm 0% 4 mph 87 % 1025 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€96,028.34	-2.15%
Ethereum(ETH)	€2,995.41	-4.13%
XRP(XRP)	€2.77	-3.55%
Fesseln(USDT)	€0.96	0.00%
Solana(SOL)	€205.14	-6.58%
USDC(USDC)	€0.96	0.01%
Dogecoin(DOGE)	€0.289677	-6.90%
Shiba Inu(SHIB)	€0.000016	-6.75%
Pepe(PEPE)	€0.000012	-8.34%

Ransomware trifft Webhosting-Server über anfällige CyberPanel-Instanzen

Teilen:

The CyberPanel vulnerabilities

PSAUX decryptor available

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns