Security Advisory: PSAUX Ransomware Attack

RGSA 11-15-24 

Date: November 15, 2024

INTRODUCTION 

A serious security flaw was found in a popular web hosting tool called CyberPanel, which affects many websites that use it. This flaw made over 22,000 servers vulnerable to cyberattacks, allowing hackers to take full control of them without needing a password. The issue was specific to version 2.3.6 of CyberPanel, and possibly version 2.3.7 as well. Hackers exploited this vulnerability to attack these servers with a type of malicious software called PSAUX ransomware. This ransomware locks up files on the servers and demands a ransom to unlock them. It also displays a ransom note when someone tries to log into the server. 

The company behind CyberPanel quickly fixed the issue by releasing a new update. The flaw was primarily discovered by security researcher DreyAnd, who demonstrated a proof-of-concept exploit for gaining full server control. The researcher notified CyberPanel’s developers, who promptly released a patch in version 2.3.8 to resolve the issue. Following the discovery, more than 21,000 vulnerable CyberPanel instances were found online, many of them located in the U.S. 

If you use CyberPanel, it is crucial to update to the latest version to protect your server from this type of attack. Some victims of this attack may be able to recover their files for free because of a flaw in the way the ransomware operates, but they should be cautious and back up their files first. In addition to the ransomware, some hackers also installed software to secretly mine cryptocurrency on the affected servers. 

Prevention 

  • Ensure devices are always updated to the latest software, including security patches and fixes. This also includes third-party applications that may be installed in browsers.
  • Require Multi-Factor Authentication (MFA) for critical accounts that store sensitive data as an additional layer of security to prevent unauthorized access. 
  • Consider implementing an Endpoint Detection and Response (EDR) solution that can help monitor and protect against threats before they occur. 

HOW RICHTER GUARDIAN CAN HELP YOU 

  • Call us at +1 844-908-3950 or send us an email at support@richterguardian.com. Connect with our cyber concierge to discuss how to be onboarded to our platform to be fully protected.
  • Provide resources for password management such as 1Password and guidance on how to implement it in your daily life as well as websites such as CyberPanel. 
  • Use our Cynet platform to monitor and protect endpoints such as your computer and phone for threat events or incidents like this.