Over three million vulnerable servers are at risk of being injected with crypto ransomware — malicious software designed to block access to a system until a sum of money is paid. Of these, close to 2,100 servers have already been compromised by webshells (web scripts that act as a control panel for the server) that give attackers control over the machines, researchers at Cisco have reported.
The root cause of this kind of breach, the report states, is outdated apps, including out-of-date versions of Red Hat's JBoss enterprise application, which has recently been involved in a high-profile ransomware campaign. The infected servers are connected to about 1,600 different IP addresses belonging to schools, governments, aviation companies, and other types of organisations.
Many of the affected servers had software installed on them from Follett Destiny, which is a Library Management System used for tracking school library assets and is mainly used in K-12 schools across the world. Cisco representatives working on the report have, however, notified officials at Follett, who responded saying they have fixed the security vulnerability in the program.
As for the other apps, many of which may still remain untraced, the threat may get worse. The Cisco team therefore suggests that a compromised host be taken down immediately, as it could be abused. They also detail a recommendation to all developers who come across any such breach.
Crypto ransomware has become a menace for cybersecurity officials and developers as more and more attacks continue to take place. In March, a report from cybersecurity firm Trend Micro revealed that crypto ransomware was one of the key security threats of 2015, and the threat has only risen since 2016 began. This is primarily because, compared to normal ransomware, crypto ransomware is very difficult to crack.