Critical Veeam RCE bug now used in Frag ransomware attacks
What is the Veeam RCE bug?
A critical remote code execution (RCE) vulnerability (CVE-2023-22145) in Veeam Backup & Replication versions 11a and 12 has been actively exploited in the wild as part of ransomware attacks.
The vulnerability, which was disclosed last week, allows an unauthenticated attacker to execute arbitrary code on a vulnerable system by sending a specially crafted HTTP request to the Veeam Backup & Replication server.
What is Frag ransomware?
Frag ransomware is a new strain of ransomware that has been linked to the exploitation of the Veeam RCE bug. The ransomware encrypts files on the victim's system and demands a ransom payment in exchange for decrypting them.
How does the Frag ransomware attack work?
The Frag ransomware attack typically begins with exploitation of the Veeam RCE bug. Once the attacker has gained access to the vulnerable system, they can deploy the Frag ransomware payload.
The ransomware then encrypts files on the victim's system and leaves a ransom note demanding payment in exchange for decrypting them.
What should you do if you are affected by the Frag ransomware attack?
If you are affected by the Frag ransomware attack, you should immediately take the following steps:
- Disconnect the infected system from the network.
- Back up your data.
- Contact a qualified cybersecurity professional to help you remove the ransomware and recover your data.
How can you protect yourself from the Frag ransomware attack?
The best way to protect yourself from the Frag ransomware attack is to patch your Veeam Backup & Replication server as soon as possible.
You should also regularly back up your data and keep your software up to date.
Conclusion
The Frag ransomware attack is a serious threat to businesses and organizations that use Veeam Backup & Replication. By following the steps outlined in this blog post, you can help protect yourself from this attack.