Ransomware Attack Hits Customers of Unnamed Managed Service Provider

By Netvora Tech News

---

Criminals behind the DragonForce ransomware have successfully infected customers of an unnamed managed service provider (MSP) with the malware. According to antivirus firm Sophos, the attackers exploited known vulnerabilities in SimpleHelp, which were patched in January of this year.

A Remote Access Software Used by MSPs

SimpleHelp is a remote access software that allows system administrators to troubleshoot issues with end-user devices. Managed service providers (MSPs) use SimpleHelp to remotely manage their customers' systems. The software consists of a server where administrators log in and client software that runs on endpoints. By compromising the SimpleHelp server of the MSP, the attackers were able to deploy ransomware on customers' systems.

Data Stolen, Customers Infected

Sophos reports that the attackers not only deployed ransomware but also stole data. The DragonForce group has been linked to recent ransomware attacks on British chains Marks & Spencer, Co-op, and Harrods. Earlier this year, security firm ArcticWolf warned of active exploitation of SimpleHelp vulnerabilities.

Known Vulnerabilities Exploited

The attackers exploited known vulnerabilities in SimpleHelp that were patched in January. It is unclear how many customers of the unnamed MSP were affected by the attack or how the attackers gained initial access to the SimpleHelp server.

• The DragonForce group is behind several recent high-profile ransomware attacks.
• Sophos has identified the vulnerability as a known issue that was patched in January.
• The attack highlights the importance of keeping software up to date and patching known vulnerabilities.