Ransomware trifft Webhosting-Server über anfällige CyberPanel-Instanzen

A threat actor – or possibly several – has hit approximately 22,000 vulnerable instances of CyberPanel and encrypted files on the servers running it with the PSAUX and other ransomware.

The CyberPanel vulnerabilities
CyberPanel is a widely used open-source control panel that’s used for managing servers used for hosting websites.

Two critical command injection vulnerabilities (CVE-2024-51378 and CVE-2024-51567) affecting CyberPanel versions 2.3.6 and (unpatched) 2.3.7 have been publicly documented earlier this week by the security researchers – refr4g and DreyAnd – who unearthed and reported them.

The posts were made public just a few days after the panel’s maintainers committed fixes for the two very similar flaws, which allow attackers to bypass authentication requirements and remotely execute arbitrary commands on the server.

The CyberPanel maintainers announced the release of the security patches, but they did not issue a newer version of the software nor assigned CVE numbers to the flaws at that time. The latest CyberPanel version is v2.3.7 and is, as noted earlier, vulnerable if the fixes haven’t been applied by using the upgrade function.

Unfortunately, multiple ransomware groups were quick to jump at the opportunity to exploit one or both vulnerabilities.

According to cybersecurity company LeakIX, on Monday there were nearly 22,000 vulnerable CyberPanel instances exposed online, and on Tuesday that number fell to around 400.

“Looks like someone took some liberty and wiped 20k CyberPanel instances as they all started responding 500s,” the company said.

PSAUX decryptor available
Users that have been hit by the threat actors are searching for answers on CyberPanel’s community forum.

LeakIX has created a decryptor for those who have been hit with the ransomware that appends the .psaux extension to the encrypted files.

“We don’t know if there are multiple groups competing or if they changed their script [to add the .encryp and .locked extensions instead of .psaux],” LeakIX CTO Gregory Boddin says.

The situation is evolving quickly, and we’ll update this article when we know more.

Kommentar verfassen Kommentieren abbrechen

London, GB

8:42 pm, Jan. 31, 2025

7°C

L: 6° | H: 7°

Fühlt sich an wie 5°C° overcast clouds

Luftfeuchtigkeit: 92 %

Druck: 1028 mb

Wind: 5 mph E

Windböe: 0 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 100%

Regen Chance: 0%

Sichtbarkeit: 10 km

Sonnenaufgang: 7:40 am

Sonnenuntergang: 4:47 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Today 9:00 pm

6° | 7°°C 0 mm 0% 5 mph 92 % 1028 mb 0 mm/h

Tomorrow 9:00 pm

4° | 6°°C 0 mm 0% 8 mph 91 % 1030 mb 0 mm/h

So. Feb. 02 9:00 pm

2° | 8°°C 0 mm 0% 6 mph 86 % 1026 mb 0 mm/h

Mo. Feb. 03 9:00 pm

2° | 9°°C 0 mm 0% 5 mph 92 % 1027 mb 0 mm/h

Di. Feb. 04 9:00 pm

3° | 9°°C 0 mm 0% 9 mph 93 % 1028 mb 0 mm/h

Today 9:00 pm

6° | 7°°C 0 mm 0% 5 mph 92 % 1028 mb 0 mm/h

Tomorrow 12:00 am

5° | 6°°C 0 mm 0% 5 mph 91 % 1028 mb 0 mm/h

Tomorrow 3:00 am

5° | 6°°C 0 mm 0% 6 mph 84 % 1029 mb 0 mm/h

Tomorrow 6:00 am

5° | 5°°C 0 mm 0% 4 mph 80 % 1029 mb 0 mm/h

Tomorrow 9:00 am

5° | 5°°C 0 mm 0% 3 mph 79 % 1030 mb 0 mm/h

Tomorrow 12:00 pm

6° | 6°°C 0 mm 0% 8 mph 71 % 1029 mb 0 mm/h

Tomorrow 3:00 pm

6° | 6°°C 0 mm 0% 6 mph 73 % 1027 mb 0 mm/h

Tomorrow 6:00 pm

6° | 6°°C 0 mm 0% 6 mph 73 % 1027 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€98,231.83	-2.96%
Ethereum(ETH)	€3,193.16	2.34%
XRP(XRP)	€2.91	-3.37%
Fesseln(USDT)	€0.96	-0.07%
Solana(SOL)	€220.79	-4.03%
USDC(USDC)	€0.96	0.00%
Dogecoin(DOGE)	€0.313389	-2.09%
Shiba Inu(SHIB)	€0.000018	0.09%
Pepe(PEPE)	€0.000013	6.97%

Ransomware trifft Webhosting-Server über anfällige CyberPanel-Instanzen

Teilen:

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns