When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Cybercriminals have taken advantage of multiple vulnerabilities in CyberPanel to installransomwareand force tens of thousands of instances offline.
Victims might be in luck though, since a decryption key is acting like available.
They even published a proof-of-concept (PoC) to demonstrate how to take over a vulnerable server.
It was built upon LiteSpeed, and allows users to manage websites, databases, domains, and emails.
This prompted CyberPanels developers to issue a fix and post it on GitHub.
Whoever downloads CyberPanel from GitHub, or upgrades an existing version, will get the fix.
However, the tool did not get a new version, and the vulnerabilities were not assigned a CVE.
Soon after the PoC was published, the number of visible instances dropped to mere hundreds.
Some researchers confirmed that threat actors deployed the PSAUX ransomware variant, forcing the devices offline.
Apparently, more than a hundred thousand domains and databases were managed through CyberPanel.
The PSAUX ransomware was named after a common Linux process, and targets Linux-based systems.
