{"id":20983,"date":"2022-02-16T21:21:56","date_gmt":"2022-02-16T21:21:56","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=20983"},"modified":"2022-02-17T20:52:23","modified_gmt":"2022-02-17T20:52:23","slug":"critical-infrastructure-ransomware-attacks-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/","title":{"rendered":"Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities"},"content":{"rendered":"<p><a href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware-protection\/\">Ransomware<\/a> attacks on <a href=\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-protection-physical-cybersecurity\/\">critical infrastructure<\/a> and a surge in exploited <a href=\"https:\/\/www.esecurityplanet.com\/products\/vulnerability-management-software\/\">vulnerabilities<\/a> are getting the attention of U.S. cybersecurity agencies, which highlighted the threats in a pair of warnings issued in recent days.<\/p>\n<p>The FBI and U.S. 
Secret Service issued a <a href=\"https:\/\/www.ic3.gov\/Media\/News\/2022\/220211.pdf\" target=\"_blank\" rel=\"noopener\">detailed advisory<\/a> on the BlackByte Ransomware as a Service (RaaS) group, which has attacked critical infrastructure industries in recent months, among them government, financial and food and agriculture targets.<\/p>\n<p>And the Cybersecurity and Infrastructure Security Agency (CISA) added <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2022\/02\/10\/cisa-adds-15-known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noopener\">15 more vulnerabilities<\/a> to its list of actively exploited vulnerabilities.<\/p>\n<p>The warnings come amid <a href=\"https:\/\/www.esecurityplanet.com\/threats\/u-s-security-agencies-issue-russian-threat-alert\/\">rising global tensions<\/a> over the possibility of a Russian invasion of Ukraine, which itself has been the subject of a number of <a href=\"https:\/\/www.esecurityplanet.com\/threats\/cisa-microsoft-warn-of-wiper-malware\/\">U.S. cybersecurity advisories<\/a> in recent weeks, the latest a dramatic revelation of Russian cyber attacks against <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-047a\" target=\"_blank\" rel=\"noopener\">U.S. 
defense firms<\/a>.<\/p>\n<p>Also read: <a href=\"https:\/\/www.esecurityplanet.com\/products\/vulnerability-management-software\/\">Top Vulnerability Management Tools<\/a><\/p>\n<h2>BlackByte Ransomware Attack Methods, IoCs<\/h2>\n<p>The FBI-Secret Service warning came just ahead of news that the NFL&#8217;s San Francisco 49ers had also been hit by BlackByte ransomware.<\/p>\n<p>The ransomware encrypts files on compromised Windows host systems, including physical and virtual servers, the advisory noted, and the executable leaves a ransom note in all directories where encryption occurs, including ransom payment instructions for obtaining a decryption key.<\/p>\n<p>Some victims said the attackers used a known <a href=\"https:\/\/www.esecurityplanet.com\/applications\/microsoft-makes-exchange-server-patches-less-optional\/\">Microsoft Exchange Server vulnerability<\/a> to gain access to their networks, then deployed tools to move laterally across the network and escalate privileges before exfiltrating and encrypting files.<\/p>\n<p>&#8220;In some instances, BlackByte ransomware actors have only partially encrypted files,&#8221; the advisory said. &#8220;In cases where decryption is not possible, some data recovery can occur.&#8221;<\/p>\n<p>A newer version of the ransomware encrypts files without communicating with any external IP addresses. 
The advisory provided a detailed look at BlackByte indicators of compromise (IoC) and suspicious files and commands to look for.<\/p>\n<h2>BlackByte Ransomware Protection Steps<\/h2>\n<p>The agencies offered some sound cybersecurity advice for BlackByte that applies pretty generally:<\/p>\n<ul>\n<li>Conduct regular backups and store them as <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-backup-solutions-for-ransomware-protection\/\">air-gapped, password-protected copies<\/a> offline<\/li>\n<li>Implement <a href=\"https:\/\/www.esecurityplanet.com\/networks\/microsegmentation-software\/\">network segmentation<\/a>, &#8220;such that all machines on your network are not accessible from every other machine&#8221;<\/li>\n<li>Update <a href=\"https:\/\/www.esecurityplanet.com\/products\/antivirus-software\/\">antivirus software<\/a> on all hosts and enable <a href=\"https:\/\/www.esecurityplanet.com\/products\/edr-solutions\/\">real-time detection<\/a><\/li>\n<li><a href=\"https:\/\/www.esecurityplanet.com\/products\/patch-management-software\/\">Update and patch<\/a> operating systems, software, and firmware as soon as updates and patches are released<\/li>\n<li>Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts<\/li>\n<li>Audit user accounts with administrative privileges and configure access controls with <a href=\"https:\/\/www.esecurityplanet.com\/products\/zero-trust-security-solutions\/\">least privilege<\/a> in mind, and use <a href=\"https:\/\/www.esecurityplanet.com\/mobile\/multi-factor-authentication\/\">multifactor authentication<\/a><\/li>\n<li>Disable unused remote access\/<a href=\"https:\/\/www.esecurityplanet.com\/endpoint\/secure-access-for-remote-workers-rdp-vpn-vdi\/\">Remote Desktop Protocol (RDP)<\/a> ports and monitor remote access\/RDP logs for any unusual activity<\/li>\n<li>Consider adding an email banner to emails received from outside your organization and disable 
hyperlinks in received emails<\/li>\n<li>Ensure all identified IOCs are input into the network <a href=\"https:\/\/www.esecurityplanet.com\/products\/siem-tools\/\">SIEM<\/a> for continuous monitoring and alerts<\/li>\n<\/ul>\n<p><em>Further reading: <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-backup-solutions-for-ransomware-protection\/\">Best Backup Products for Ransomware<\/a> and <a href=\"https:\/\/www.esecurityplanet.com\/products\/ransomware-removal-and-recovery-services\/\">Best Ransomware Removal and Recovery Services<\/a>\u00a0<\/em><\/p>\n<h2>CISA Vulnerabilities Affect Apple, Oracle and Others<\/h2>\n<p>CISA added 15 vulnerabilities to its <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noopener\">list of known CVEs<\/a> (common vulnerabilities and exposures) that hackers are actively exploiting or have exploited. The flaws affect a range of vendors, including widely used products from Apple, Oracle and Microsoft. These flaws represent a considerable risk for enterprises and government agencies, and threat actors use them regularly.<\/p>\n<h2>The 15 Vulnerabilities Explained<\/h2>\n<p>CISA sorts vulnerabilities by their remediation due date for federal agencies:<\/p>\n<ol>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2021-36934\" target=\"_blank\" rel=\"noopener\">CVE-2021-36934<\/a>: Also known as Windows Elevation of Privilege Vulnerability, this vulnerability exists because overly permissive access control lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database, allow threat actors to gain full user rights on a victim\u2019s system. 
Federal organizations will only have until February 24, 2022 to patch this vulnerability.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2020-0796\" target=\"_blank\" rel=\"noopener\">CVE-2020-0796<\/a>: A flaw in Microsoft Server Message Block (SMBv3) allows local privilege escalation and remote code execution, which attackers can exploit to execute code on a target server or client.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2018-1000861\" target=\"_blank\" rel=\"noopener\">CVE-2018-1000861<\/a>: A vulnerability in the Stapler web framework used by Jenkins (technology for continuous delivery) to handle HTTP requests allows attackers to use crafted URLs to invoke public methods fraudulently.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2017-9791\" target=\"_blank\" rel=\"noopener\">CVE-2017-9791<\/a>: A vulnerability in Apache Struts 2, subsequent to the Equifax breach via a Java-based framework to create web applications, creates opportunities for remote code execution (RCE) attacks caused by using untrusted inputs in the ActionMessage class during development.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2017-8464\" target=\"_blank\" rel=\"noopener\">CVE-2017-8464<\/a>: The LNK Remote Code Execution Vulnerability is an RCE vulnerability in Microsoft Windows via crafted .LNK files, which attackers can exploit to gain local user rights on a victim\u2019s system.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2017-10271\" target=\"_blank\" rel=\"noopener\">CVE-2017-10271<\/a>: An easily exploitable vulnerability in Oracle&#8217;s middleware allows an unauthenticated attacker to compromise and potentially take over the Oracle WebLogic Server.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2017-0263\" target=\"_blank\" rel=\"noopener\">CVE-2017-0263<\/a>: Win32k Elevation of Privilege Vulnerability in 
specific Windows products allows attackers to exploit a failing kernel-mode driver to install programs; view, change, or delete data; or create new accounts with full user rights.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2017-0262\" target=\"_blank\" rel=\"noopener\">CVE-2017-0262<\/a>: An RCE vulnerability in Microsoft Office can be exploited when a user opens a file with malformed graphics, allowing attackers to create crafted EPS files and take control of the affected system.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2017-0145\" target=\"_blank\" rel=\"noopener\">CVE-2017-0145<\/a>: Windows SMB Remote Code Execution Vulnerability in various Windows products allows remote attackers to execute arbitrary code via crafted packets.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2017-0144\" target=\"_blank\" rel=\"noopener\">CVE-2017-0144<\/a>: Similar to CVE-2017-0145.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2016-3088\" target=\"_blank\" rel=\"noopener\">CVE-2016-3088<\/a>: A remote file upload flaw in Apache ActiveMQ 5, a Java-based multi-protocol message broker, allows attackers to upload and execute arbitrary files.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2015-2051\" target=\"_blank\" rel=\"noopener\">CVE-2015-2051<\/a>: An RCE vulnerability in a specific wired\/wireless router via a network device management protocol, known for its buggy implementation (HNAP), allows attackers to execute arbitrary commands via a GetDeviceSettings action.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2015-1635\" target=\"_blank\" rel=\"noopener\">CVE-2015-1635<\/a>: An RCE vulnerability in specific versions of Windows (e.g., 7 SP1, 8, 8.1) or Windows Server (2008 R2 SP1, 2012 Gold) allows attackers to execute arbitrary code via crafted HTTP requests.<\/li>\n<li><a 
href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2015-1130\" target=\"_blank\" rel=\"noopener\">CVE-2015-1130<\/a>: An XPC implementation allows authentication bypass and admin privilege escalation in Apple OS X before 10.10.3.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2014-4404\" target=\"_blank\" rel=\"noopener\">CVE-2014-4404<\/a>: An RCE vulnerability caused by a buffer overflow in older Apple products (iOS before 8 and Apple TV before 7) allows attackers to execute arbitrary code in a privileged context.<\/li>\n<\/ol>\n<p>The list of added and removed entries is a living list and changes as new threats emerge and old ones diminish. And sure enough, no sooner did we finish this article than CISA added <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2022\/02\/15\/cisa-adds-nine-known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noopener\">nine additional bugs<\/a> to the list, among them Microsoft, Google Chrome and Adobe flaws. About the only constant in cybersecurity is the need for vigilance to keep up with the ever-changing threat landscape.<\/p>\n<h2>A Top Priority for Security Teams<\/h2>\n<p>Many of these vulnerabilities have been around for years, but they are actively under attack. CISA strongly recommends updating all software as soon as possible.<\/p>\n<p>With the shortlist of widely exploited vulnerabilities, system administrators and security teams can quickly identify and patch key vulnerabilities to prevent malicious actors from exploiting the weaknesses.<\/p>\n<h2>How to Use the CISA Catalog<\/h2>\n<p>While CVE-2021-36934 is listed first due to its high severity and due date, the top-ranking vulnerabilities most exploited by attackers do not necessarily have high severity ratings. The CVSS score is just an indicator, and a low score does not mean hackers won&#8217;t attack it.<\/p>\n<p>Some vendors already map the CISA catalog to catch vulnerabilities and critical CVEs. 
For example, mapping for vulnerabilities during scripted checks in continuous delivery and continuous integration (CD\/CI) pipelines allows for early and automatic detection.<\/p>\n<h2>Aggressive Patching Can Have a Huge Benefit<\/h2>\n<p>It\u2019s highly recommended that you follow vulnerability announcements for any products you own, such as those from IBM, Cisco, Google, Microsoft, Apple, Oracle (or other companies), and prioritize those under active exploitation.<\/p>\n<p><a href=\"https:\/\/www.esecurityplanet.com\/products\/top-it-asset-management-tools-for-security\/\">IT asset management tools<\/a> have become critical security tools, with their ability to discover installed products you may have forgotten about.<\/p>\n<p>CISA has ordered federal organizations to apply patches quickly, sometimes with pretty short deadlines (weeks), making exploitable vulnerabilities less easy to find for attackers.<\/p>\n<p>Private organizations are strongly encouraged to follow the same directive to mitigate risks and plan updates, as these vulnerabilities are present in the same products in the private sector.<\/p>\n<p>Read next: <a href=\"https:\/\/www.esecurityplanet.com\/products\/patch-management-software\/\">Best Patch Management Software<\/a><\/p>\n<p><em>eSecurity Planet editor <\/em><a href=\"https:\/\/www.esecurityplanet.com\/author\/paul-shread-2\/\"><em>Paul Shread<\/em><\/a><em> contributed to this report<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware attacks on critical infrastructure and a surge in exploited vulnerabilities are getting the attention of U.S. 
cybersecurity agencies, which highlighted the threats in a pair of warnings issued in recent days. The FBI and U.S. Secret Service issued a detailed advisory on the BlackByte Ransomware as a Service (RaaS) group, which has attacked critical [&hellip;]<\/p>\n","protected":false},"author":267,"featured_media":20986,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[15],"tags":[10990,2478],"b2b_audience":[33],"b2b_industry":[],"b2b_product":[31780,31790],"class_list":["post-20983","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threats","tag-critical-vulnerabilities","tag-ransomware","b2b_audience-awareness-and-consideration","b2b_product-patch-management","b2b_product-ransomware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities | eSecurity Planet<\/title>\n<meta name=\"description\" content=\"With new ransomware threats and 15 additional critical vulnerabilities, IT security teams have a lot of patching to do.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities | eSecurity Planet\" \/>\n<meta property=\"og:description\" content=\"With new ransomware threats and 15 additional critical vulnerabilities, IT security teams have a lot of patching to do.\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-16T21:21:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-02-17T20:52:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/cve-list-e1644960071137.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"421\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Julien Maury\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Julien Maury\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/\"},\"author\":{\"name\":\"Julien Maury\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a\"},\"headline\":\"Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities\",\"datePublished\":\"2022-02-16T21:21:56+00:00\",\"dateModified\":\"2022-02-17T20:52:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/\"},\"wordCount\":1345,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/cve-list-e1644960071137.jpg\",\"keywords\":[\"critical vulnerabilities\",\"ransomware\"],\"articleSection\":[\"Threats\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/\",\"name\":\"Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities | eSecurity 
Planet\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/cve-list-e1644960071137.jpg\",\"datePublished\":\"2022-02-16T21:21:56+00:00\",\"dateModified\":\"2022-02-17T20:52:23+00:00\",\"description\":\"With new ransomware threats and 15 additional critical vulnerabilities, IT security teams have a lot of patching to do.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/cve-list-e1644960071137.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/cve-list-e1644960071137.jpg\",\"width\":900,\"height\":421,\"caption\":\"cve list\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Feds Warn About Critical Infrastructure Ransomware Attacks, 
Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a\",\"name\":\"Julien Maury\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp\",\"caption\":\"Julien Maury\"},\"description\":\"eSecurity Planet contributor Julien Maury writes about penetration testing, code security, open source security and more. 
He is a backend developer, a mentor and a technical writer who enjoys sharing his knowledge and learning new concepts.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/jmaury\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities | eSecurity Planet","description":"With new ransomware threats and 15 additional critical vulnerabilities, IT security teams have a lot of patching to do.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities | eSecurity Planet","og_description":"With new ransomware threats and 15 additional critical vulnerabilities, IT security teams have a lot of patching to do.","og_url":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/","og_site_name":"eSecurity Planet","article_published_time":"2022-02-16T21:21:56+00:00","article_modified_time":"2022-02-17T20:52:23+00:00","og_image":[{"width":900,"height":421,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/cve-list-e1644960071137.jpg","type":"image\/jpeg"}],"author":"Julien Maury","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Julien Maury","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/"},"author":{"name":"Julien Maury","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a"},"headline":"Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities","datePublished":"2022-02-16T21:21:56+00:00","dateModified":"2022-02-17T20:52:23+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/"},"wordCount":1345,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/cve-list-e1644960071137.jpg","keywords":["critical vulnerabilities","ransomware"],"articleSection":["Threats"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/","url":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/","name":"Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities | eSecurity 
Planet","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/cve-list-e1644960071137.jpg","datePublished":"2022-02-16T21:21:56+00:00","dateModified":"2022-02-17T20:52:23+00:00","description":"With new ransomware threats and 15 additional critical vulnerabilities, IT security teams have a lot of patching to do.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/cve-list-e1644960071137.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/cve-list-e1644960071137.jpg","width":900,"height":421,"caption":"cve list"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for 
how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a","name":"Julien Maury","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp","caption":"Julien Maury"},"description":"eSecurity Planet contributor Julien Maury writes about penetration testing, code security, open source security and more. 
He is a backend developer, a mentor and a technical writer who enjoys sharing his knowledge and learning new concepts.","url":"https:\/\/www.esecurityplanet.com\/author\/jmaury\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/20983"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/267"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=20983"}],"version-history":[{"count":0,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/20983\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/20986"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=20983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=20983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=20983"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=20983"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=20983"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=20983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}