Ransomware trifft Webhosting-Server über anfällige CyberPanel-Instanzen

A threat actor – or possibly several – has hit approximately 22,000 vulnerable instances of CyberPanel and encrypted files on the servers running it with the PSAUX and other ransomware.

The CyberPanel vulnerabilities
CyberPanel is a widely used open-source control panel that’s used for managing servers used for hosting websites.

Two critical command injection vulnerabilities (CVE-2024-51378 and CVE-2024-51567) affecting CyberPanel versions 2.3.6 and (unpatched) 2.3.7 have been publicly documented earlier this week by the security researchers – refr4g and DreyAnd – who unearthed and reported them.

The posts were made public just a few days after the panel’s maintainers committed fixes for the two very similar flaws, which allow attackers to bypass authentication requirements and remotely execute arbitrary commands on the server.

The CyberPanel maintainers announced the release of the security patches, but they did not issue a newer version of the software nor assigned CVE numbers to the flaws at that time. The latest CyberPanel version is v2.3.7 and is, as noted earlier, vulnerable if the fixes haven’t been applied by using the upgrade function.

Unfortunately, multiple ransomware groups were quick to jump at the opportunity to exploit one or both vulnerabilities.

According to cybersecurity company LeakIX, on Monday there were nearly 22,000 vulnerable CyberPanel instances exposed online, and on Tuesday that number fell to around 400.

“Looks like someone took some liberty and wiped 20k CyberPanel instances as they all started responding 500s,” the company said.

PSAUX decryptor available
Users that have been hit by the threat actors are searching for answers on CyberPanel’s community forum.

LeakIX has created a decryptor for those who have been hit with the ransomware that appends the .psaux extension to the encrypted files.

“We don’t know if there are multiple groups competing or if they changed their script [to add the .encryp and .locked extensions instead of .psaux],” LeakIX CTO Gregory Boddin says.

The situation is evolving quickly, and we’ll update this article when we know more.

Kommentar verfassen Kommentieren abbrechen

London, GB

12:46 pm, Juni 22, 2025

25°C

L: 24° | H: 27°

Fühlt sich an wie 25°C° aufgelockerte Bewölkung

Luftfeuchtigkeit: 49 %

Druck: 1013 mb

Wind: 15 mph WSW

Windböe: 0 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 40%

Regen Chance: 0%

Sichtbarkeit: 10 km

Sonnenaufgang: 4:43 am

Sonnenuntergang: 9:21 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Today 10:00 pm

24° | 27°°C 0 mm 0% 17 mph 64 % 1013 mb 0 mm/h

Tomorrow 10:00 pm

15° | 23°°C 0.2 mm 20% 15 mph 81 % 1016 mb 0 mm/h

Di. Juni 24 10:00 pm

14° | 26°°C 0 mm 0% 16 mph 77 % 1015 mb 0 mm/h

Mi. Juni 25 10:00 pm

16° | 27°°C 0 mm 0% 9 mph 86 % 1013 mb 0 mm/h

Do. Juni 26 10:00 pm

17° | 24°°C 1 mm 100% 15 mph 95 % 1018 mb 0 mm/h

Today 1:00 pm

24° | 25°°C 0 mm 0% 15 mph 49 % 1013 mb 0 mm/h

Today 4:00 pm

21° | 24°°C 0 mm 0% 17 mph 47 % 1013 mb 0 mm/h

Today 7:00 pm

21° | 22°°C 0 mm 0% 13 mph 54 % 1012 mb 0 mm/h

Today 10:00 pm

16° | 16°°C 0 mm 0% 10 mph 64 % 1012 mb 0 mm/h

Tomorrow 1:00 am

16° | 16°°C 0 mm 0% 13 mph 76 % 1011 mb 0 mm/h

Tomorrow 4:00 am

16° | 16°°C 0.2 mm 20% 13 mph 81 % 1011 mb 0 mm/h

Tomorrow 7:00 am

15° | 15°°C 0.2 mm 20% 13 mph 60 % 1013 mb 0 mm/h

Tomorrow 10:00 am

17° | 17°°C 0 mm 0% 13 mph 46 % 1014 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€89,111.93	-1.14%
Ethereum(ETH)	€1,972.93	-6.84%
Fesseln(USDT)	€0.87	0.02%
XRP(XRP)	€1.75	-5.47%
Solana(SOL)	€115.31	-6.66%
USDC(USDC)	€0.87	0.01%
Dogecoin(DOGE)	€0.134929	-4.93%
Shiba Inu(SHIB)	€0.000010	-4.95%
Pepe(PEPE)	€0.000008	-8.93%
Peanut das Eichhörnchen(PNUT)	€0.218233	13.10%

Ransomware trifft Webhosting-Server über anfällige CyberPanel-Instanzen

Teilen:

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns