
Pulse Secure VPN Servers Targeted by REvil (Sodinokibi) Ransomware

January 7, 2020

Pulse Secure VPN servers are being targeted by cybercriminals who use the REvil (Sodinokibi) ransomware to extort large organizations.

According to ZDNet, UK security researcher Kevin Beaumont is urging organizations that use Pulse Secure VPN to patch now or face huge ransomware attacks by criminals who can easily use the Shodan.io IoT search engine to identify vulnerable VPN servers. The REvil (Sodinokibi) ransomware was used in an attack last month on NASDAQ-listed US data-center provider CyrusOne and against several managed service providers (MSP), 20 Texas local governments, and over 400 dentist offices, says ZDNet.  

Beaumont puts REvil in the 'big game' category because criminals have employed it to encrypt critical business systems and demand huge sums of money, says ZDNet. The ransomware strain, discovered in April, initially used a vulnerability in Oracle WebLogic to infect systems. In an article, Beaumont notes that the Pulse Secure VPN vulnerability is incredibly bad, as it allows people without valid usernames and passwords to remotely connect to the corporate network the device is supposed to protect, turn off multi-factor authentication controls, and remotely view logs and cached passwords in plain text (including Active Directory account passwords).

In addition, Beaumont notes that the Pulse Secure VPN servers have not had the patches applied that were flagged in October warnings from the US CISA, the US National Security Agency and the UK's National Cyber Security Centre.

Jared Greenhill, Director, Crypsis Group, says, “Recently, we have seen the Sodinokibi (REvil) ransomware variant become increasingly prevalent in Pulse Secure VPN vulnerability cases. But it’s not only the frequency of cases that is at issue, the techniques and methods used across the range of ransomware criminal actors provide profound challenges of their own—they are using more sophisticated vectors to deliver it (such as defeating MFA protections) and are going to great lengths to ensure they are paid. This includes examples such as disabling backup systems, being unwilling to negotiate ransoms when they assume the company is able to pay the asking rate, and, in some cases, threatening to publish data if not paid in full. While applying security best practices is highly recommended, threat actors are getting more sophisticated in working around protections and tools, making the fight against ransomware continually more difficult for organizations.”

Similarly, Sounil Yu, a member of the Board Of Advisors at Strategic Cyber Ventures, says, “Suppose a home inspector came to your house and told you that your house is vulnerable to a Category 1 hurricane. If you lived in Florida, you’re in trouble and you better start fixing your house right now before June when the hurricane season will be in full swing. Fixing the house will require lots of renovation and downtime. If you lived in Alaska, you’d shrug and ignore the vulnerability report because the expected loss is not worth the downtime and renovation costs. If weather patterns change and tornadoes become sufficiently frequent in Alaska, your risk management calculus may change and you may choose to take the downtime hit.”

"There are those running PulseVPN who know they live in Florida and took action immediately," says Yu. "There are those that live in Alaska and ignored the warning. There are those that will realize that weather patterns have changed (via news/threat intelligence of increased attacks) and will take action now. Then there are those that think they live on an island near Alaska but due to continental drift, now live near Florida and don’t realize it. There are also those that aren’t aware of the changing weather patterns and will be in for a nasty surprise when they find their house flattened."

"The goal for mature organizations is to know where they are (via inventories), understand what’s important (Crown Jewels), and adjust as appropriate to the prevailing threat conditions so that their assets are safe,” warns Yu.
