Immediate patching urged as Sodinokibi ransomware gang targets vulnerable systems

Citrix has completed the process of releasing patches for all supported versions of its technology affected by the so-called ‘Shitrix’ vulnerability.

The now-infamous security flaw (CVE-2019-19781), which affects Citrix Application Delivery Controller (ADC) and Gateway products, first surfaced in mid-December.

Citrix initially offered advice on how to mitigate the vulnerability in December, but reports soon surfaced that miscreants were scanning for vulnerable systems en masse.

Proof-of-concept exploit code dropped earlier this month. This prompted Citrix to double down on its patch release schedule – a process it completed on Friday.

Immediate patching is strongly recommended.

Even so, this may come too late for many vulnerable and inter-accessible systems, which have been targeted with cryptomining and later ransomware attacks.

For example, separate reports have indicated that Sodinokibi (AKA ‘REvil’) gang is actively abusing the Shitrix vulnerability to plant their ransomware on vulnerable networks.

In response to this, Citrix teamed with FireEye to release a free scanning tool to check systems for prior exploitation.


READ MORE What is Sodinokibi? The ransomware behind the Travelex attack