A new ransomware group has been observed abusing a recently patched vulnerability in Atlassian Confluence Server and Data Center. The group, dubbed Atom Silo, is using the flaw to deploy its ransomware.
What has happened?
- The ransomware employed by the Atom Silo group is nearly identical to that of the LockFile and LockBit ransomware groups.
- The group is using several novel techniques that make it very difficult to investigate, including DLL side-loading to disrupt endpoint protection.
- Successful exploitation of CVE-2021-26084 allows unauthenticated attackers to execute remote commands on unpatched Confluence servers.
- Ransomware payloads spread by Atom Silo used a malicious kernel driver to evade detection by disrupting endpoint protection solutions.
- Furthermore, the attackers were observed using built-in, native Windows tools and resources to move further inside the network until they deployed the ransomware.
Discovered recently, Atom Silo is already showing a lot of potential with its techniques and capabilities to go after enterprise products such as Confluence servers. If not acted against now, it may become even more difficult for organizations to stay protected from this threat.