UPDATED 19:55 EDT / NOVEMBER 10 2019

SECURITY

ConnectWise warns customers of ongoing ransomware campaign

Remote IT management solutions firm ConnectWise LLC is warning customers that hackers are targeting its software to install ransomware.

Florida-based ConnectWise, acquired by Thoma Bravo for $1.5 billion in February, provides collaboration and management solutions to firms such as Liberty Technology Inc. The company’s Automate remote monitoring and management product is the specific target of those behind the attacks.

First notifying customers via Twitter on Nov. 7, ConnectWise said it was aware of “recent reports of malicious actors targeting open ports for ConnectWise Automate on-premises application to introduce ransomware.”

“Please ensure that your ports are not left open to the internet based on our best practices,” the company added. In a separate tweet, ConnectWise said that “in an effort to protect our partners, we will not publicly disclose the specific port that is being targeted. We are communicating with our impacted Automate on-premise partners and are happy to answer any questions offline.”

As Search Security pointed out, the company didn’t provide details such as when the attacks occurred, what type of ransomware was used, how many ConnectWise customers were targeted and whether any of the ransomware attacks were successful.

James Carder, chief information security officer and vice president at security operations provider LogRhythm Inc., told SiliconANGLE that criminals always look for the easiest way to break into an organization.

“In cases like ransomware, the goal is to use the initial access into the environment to move to and compromise as many systems as possible,” Carder explained. That way, he said, the attacker can rapidly inflict as much pain as possible, bringing the company to its knees and maximizing the attacker’s reward.

“The most obvious entry point that satisfies this scenario is an approved, privileged, understood, knowledgeable and centralized system used to manage a company’s computer systems,” Carder added. “If an attacker compromises that system, he gets unfettered access to the entire environment. Moreover, he can thwart many security operations teams. Installing software (since ransomware is nothing more than software) is likely standard operating procedure for that system, so it still appears to be acting normally.”
