
🛡️ Vulnerabilities

Microsoft Products

Windows

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| CLFS | CVE-2025-29824 | RansomEXX | microsoft.com |
| Windows Error Reporting Service | CVE-2024-26169 | Black Basta | www.security.com / securityonline.info |
| CLFS | CVE-2023-28252 | Nokoyawa | securelist.com |
| SmartScreen | CVE-2023-24880 | Magniber | blog.google |
| CLFS | CVE-2022-24521 | Cuba, Vice Society, RansomHub | securelist.com / microsoft.com / security.com |
| MSDT | CVE-2022-30190 ("Follina") | BlackBasta | sentinelone.com / trendmicro.com |
| Active Directory | CVE-2021-42278 & CVE-2021-42287 ("NoPac") | Conti, BlackBasta, CosmicBeetle*, Fog | thedfirreport.com / cisa.gov / welivesecurity.com / thedfirreport.com |
| Print Spooler | CVE-2021-1675 and CVE-2021-34527 ("PrintNightmare") | Conti, Vice Society, Magniber, BlackBasta | blog.talosintelligence.com / crowdstrike.com / cisa.gov / cisa.gov |
| Local Security Authority (LSA) | CVE-2021-36942 ("PetitPotam") | LockFile | security.com |
| MSHTML | CVE-2021-40444 | Conti | microsoft.com |
| NetLogon | CVE-2020-1472 ("ZeroLogon") | LockBit, BlackBasta, Rhysida, BianLian, Conti, Quantum, Ryuk, RansomHub, Cuba, CosmicBeetle*, Ghost/Cring, Fog | cisa.gov / cisa.gov / cisa.gov / cisa.gov / cisa.gov / thedfirreport.com / thedfirreport.com / cisa.gov / cisa.gov / welivesecurity.com / cisa.gov / thedfirreport.com |
| BITS | CVE-2020-0787 | RansomHub | cisa.gov |
| Remote Desktop Gateway | CVE-2020-0609 | Conti | tenable.com |
| Task Scheduler Service | CVE-2019-1069 | Mallox | trendmicro.com |
| Remote Desktop Services | CVE-2019-0708 ("BlueKeep") | LockBit | cisa.gov |
| Win32k | CVE-2018-8453 | REvil | trendmicro.com |
| Microsoft Office | CVE-2018-0802 | RagnarLocker | kaspersky.com |
| Microsoft Office | CVE-2023-36884 | Underground | fortinet.com |
| COM | CVE-2017-0213 | RagnarLocker | kaspersky.com |
| Secondary Logon Service | CVE-2016-0099 | BlackCat | kaspersky.com |
| IQVW32.sys (BYOVD) | CVE-2015-2291 | DOGE BIG BALLS Ransomware | cyble.com |

MS Server Products

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| Exchange On-Prem | CVE-2022-41080 ("OWASSRF") | PLAY | crowdstrike.com |
| Exchange On-Prem | CVE-2022-41040 & CVE-2022-41082 ("ProxyNotShell") | PLAY | cisa.gov |
| Exchange On-Prem | CVE-2021-34523, CVE-2021-34473, CVE-2021-31207 ("ProxyShell") | Conti, Hive, Cuba, AvosLocker, BlackCat, Ghost/Cring | sophos.com / cisa.gov / securelist.com / trendmicro.com / trendmicro.com / cisa.gov |
| Exchange On-Prem | CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, & CVE-2021-27065 ("ProxyLogon") | Conti, Cuba, AvosLocker | tenable.com / trendmicro.com / trendmicro.com |
| Exchange On-Prem | CVE-2020-0688 | Conti | tenable.com |
| SMBv3 | CVE-2020-0796 ("SMBGhost") | Conti | tenable.com |
| SQL Server Reporting Services | CVE-2020-0618 | Mallox | trendmicro.com |
| SharePoint Server | CVE-2019-0604 | Hello, Ghost/Cring | trendmicro.com / cisa.gov |
| SMBv1 | CVE-2017-0144 ("EternalBlue") | WannaCry, NotPetya, RansomHub, CosmicBeetle*, Ghost/Cring | sentinelone.com / cisa.gov / welivesecurity.com / cisa.gov |

Application

  • Apps and Software targeted by ransomware gangs

Adobe

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| ColdFusion | CVE-2023-29300 & CVE-2023-38203 | Storm-0501* | microsoft.com |
| ColdFusion | CVE-2009-3960 & CVE-2010-2861 | Ghost/Cring | cisa.gov |

Apache

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| ActiveMQ | CVE-2023-46604 | RansomHub | cisa.gov |
| Log4j | CVE-2021-44228 ("Log4Shell") | LockBit, *Prophet Spider, AvosLocker | cisa.gov / secureworks.com / blog.talosintelligence.com |
| Log4j | CVE-2021-4104 | *Prophet Spider | secureworks.com |
| Struts | CVE-2017-5638 | *Prophet Spider | secureworks.com |

Atlassian

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| Confluence Data Center & Server | CVE-2023-22527 | LockBit | thedfirreport.com |
| Confluence Data Center & Server | CVE-2023-22515 | RansomHub | cisa.gov |
| Confluence Data Center & Server | CVE-2023-22518 | Cerber | trendmicro.com |
| Confluence Data Center & Server | CVE-2022-26134 | Cerber | sophos.com |

ConnectWise

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| ScreenConnect | CVE-2024-1708 & CVE-2024-1709 | BlackBasta, Cicada3301, Bl00dy, BlackCat, Medusa | cisa.gov / unit42.paloaltonetworks.com / trendmicro.com / bleepingcomputer.com / cisa.gov |

CyberPanel

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| CyberPanel | CVE-2024-51567 | PSAUX | www.csoonline.com |
| CyberPanel | CVE-2024-51568 | PSAUX | www.csoonline.com |

Kaseya

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| VSA | CVE-2021-30116 | REvil | tenable.com |

Java Applications

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| JBoss Application Server | CVE-2017-7504 | *Prophet Spider | secureworks.com |

Jenkins

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| Jenkins | CVE-2024-23897 | RansomEXX | blogs.juniper.net / www.cloudsek.com |

JetBrains

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| TeamCity | CVE-2024-27198 | BianLian | www.guidepointsecurity.com |
| TeamCity | CVE-2023-42793 | BianLian | www.guidepointsecurity.com |

Mitel

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| MiVoice Connect | CVE-2022-29499 | Lorenz | arcticwolf.com |

Oracle

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| WebLogic | CVE-2020-14882 | *Prophet Spider | secureworks.com |
| WebLogic | CVE-2020-14750 | *Prophet Spider | secureworks.com |
| WebLogic | CVE-2019-2725 | REvil | trendmicro.com |
| E-Business | CVE-2016-0545 | *Prophet Spider | secureworks.com |

PHP

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| PHP CGI | CVE-2024-4577 | TellYouThePass | www.imperva.com |

SAP

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| NetWeaver | CVE-2025-31324 | BianLian, RansomEXX | reliaquest.com |

SimpleHelp

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| SimpleHelp RMM | CVE-2024-57727 | PLAY, DragonForce, Medusa | cisa.gov / sophos.com / CuratedIntel |

Sitecore

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| Sitecore XP | CVE-2021-42237 | *Prophet Spider | secureworks.com |

SysAid

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| SysAid On-Prem | CVE-2023-47246 | Clop | @msftsecintel |

Qlik

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| QlikSense | CVE-2023-41265 | Cactus | northwave-cybersecurity.com |

QNAP

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| NAS | CVE-2021-28799 | eCh0raix | unit42.paloaltonetworks.com |

Veeam

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| Backup & Replication | CVE-2024-40711 | Akira, Fog | @SophosXOps |
| Backup & Replication | CVE-2023-27532 | Akira, FIN7, Cuba, CosmicBeetle, Qilin, RansomHub | labs.withsecure.com / blogs.blackberry.com / welivesecurity.com / sophos.com / news.sophos.com / security.com |
| Backup & Replication | CVE-2022-26500 & CVE-2022-26501 | AvosLocker, Cuba | kroll.com / securelist.com |

Veritas

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| Veritas Backup Exec | CVE-2021-27876 | ALPHV | cloud.google.com |
| Veritas Backup Exec | CVE-2021-27877 | ALPHV | cloud.google.com |
| Veritas Backup Exec | CVE-2021-27878 | ALPHV | cloud.google.com |

Zoho

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| ManageEngine ADSelfService Plus | CVE-2022-47966 | Storm-0501* | microsoft.com |
| ManageEngine ADSelfService Plus | CVE-2021-40539 | AvosLocker, Trigona | kroll.com / areteir.com |

Zimbra

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| Zimbra Collaboration | CVE-2022-41352 | BabLock | group-ib.com |

Virtualization

  • Virtualized infrastructure and systems targeted by ransomware gangs

Citrix

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| NetScaler ADC & Gateway | CVE-2023-4966 ("Citrixbleed") | LockBit, Medusa, BlackCat, INC Ransom, Storm-0501* | doublepulsar.com / bleepingcomputer.com / therecord.media / secureworks.com / microsoft.com |
| NetScaler ADC & Gateway | CVE-2023-3519 | Pioneer Kitten+, RansomHub | cisa.gov / cisa.gov |
| NetScaler ADC & Gateway | CVE-2022-27510 | Royal | at-bay.com |
| ShareFile Storage Zones Controller | CVE-2021-22941 | *Prophet Spider | crowdstrike.com |
| NetScaler ADC & Gateway & SD-WAN | CVE-2019-19781 | Pioneer Kitten+, REvil | cisa.gov / cisa.gov / sentinelone.com |
| Workspace app and Receiver for Windows | CVE-2019-11634 | Nefilim | sophos.com |

VMware

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| ESXi | CVE-2024-37085 ("ESX Admins") | Akira, BlackBasta, BlackByte | microsoft.com / blog.talosintelligence.com |
| Workspace ONE Access & Identity Manager | CVE-2022-22954 | RAR1Ransom | fortinet.com |
| vCenter Server | CVE-2021-22005 | Conti | tenable.com |
| vSphere Client | CVE-2021-21985 | Conti | tenable.com |
| ESXi | CVE-2021-21974 | ESXiArgs | greynoise.io |
| vSphere Client | CVE-2021-21972 | BlackCat, Akira | crowdstrike.com / qualys.com |

File Transfer Servers

  • Applications and Systems used to transfer and store files, often targeted for data exfiltration

Accellion

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| Accellion File Transfer Appliance | CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104 | Clop | mandiant.com |

Cleo

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| Cleo VLTrader, Harmony, LexiCom | CVE-2024-55956 | Clop | huntress.com |

CrushFTP

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| CrushFTP | CVE-2025-31161 | Kill Ransomware | kennedyslaw.com |

Fortra

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| GoAnywhere Managed File Transfer | CVE-2023-0669 | Clop, LockBit | censys.io / cisa.gov |

IBM

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| Aspera Faspex | CVE-2022-47986 | IceFire, Buhti | sentinelone.com / security.com |

Progress Software

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| MOVEit | CVE-2023-34362 | Clop | cisa.gov |

PaperCut

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| PaperCut Application Server | CVE-2023-27350 & CVE-2023-27351 | Clop, LockBit, Bl00dy, Buhti | twitter.com/MsftSecIntel / cisa.gov / security.com |

SolarWinds

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| SolarWinds Serv-U FTP | CVE-2021-35211 | Clop | research.nccgroup.com |

Network Edge Devices

  • Virtual Private Networks (VPNs), Firewalls, Routers, Switches, Load Balancers, Connection Gateways

Pulse Secure / Ivanti

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| Pulse Connect Secure | CVE-2024-21887 | Pioneer Kitten+ | cisa.gov |
| Ivanti MobileIron | CVE-2023-38035 | Cactus | bitdefender.com |
| Ivanti EPM Cloud Services Appliance (CSA) | CVE-2021-44529 | BlackCat | crowdstrike.com |
| Pulse Connect Secure & Pulse Policy Secure | CVE-2019-11539 | Pioneer Kitten+, REvil | cisa.gov / sentinelone.com |
| Pulse Connect Secure | CVE-2019-11510 | REvil, Pioneer Kitten+ | tenable.com / cisa.gov |

Fortinet

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| FortiOS & FortiProxy | CVE-2024-55591 | Hunters International, SuperBlack, NightSpire | esentire.com / forescout.com / s-rminform.com |
| FortiOS SSL-VPN & FortiProxy | CVE-2023-27997 | RansomHub | cisa.gov |
| FortiClientEMS | CVE-2023-48788 | RansomHub, Medusa | cisa.gov / cisa.gov |
| FortiOS SSL-VPN | CVE-2022-42475 | CosmicBeetle* | welivesecurity.com |
| FortiOS | CVE-2022-40684 | Akira | stairwell.com |
| FortiOS SSL VPN | CVE-2020-12812 | Hive, PLAY | cisa.gov / cisa.gov |
| FortiOS | CVE-2019-6693 | Akira | stairwell.com |
| FortiOS | CVE-2019-5591 | Nemesis Kitten+ | secureworks.com |
| FortiOS | CVE-2018-13379 | Conti, LockBit, PLAY, REvil, Ghost/Cring | tenable.com / cisa.gov / cisa.gov / trendmicro.com / cisa.gov |
| FortiOS | CVE-2018-13374 | Conti | tenable.com |

F5

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| BIG-IP | CVE-2023-46747 | RansomHub | cisa.gov |
| BIG-IP | CVE-2022-1388 | Pioneer Kitten+ | cisa.gov |
| iControl REST | CVE-2021-22986 | LockBit | cisa.gov |

Palo Alto Networks

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| PAN-OS Firewall | CVE-2024-0012 | RA World | security.com |
| PAN-OS Firewall | CVE-2024-3400 | Pioneer Kitten+ | cisa.gov |
| GlobalProtect Portal & Gateway Interface | CVE-2019-1579 | DarkSide | acronis.com |

Sophos

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| XG Firewall | CVE-2020-12271 | Ragnarok | news.sophos.com |

SonicWall

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| SonicOS SSL-VPN | CVE-2024-40766 | Akira, Fog | arcticwolf.com / arcticwolf.com |
| SMA 100 | CVE-2021-20016, CVE-2021-20021, CVE-2021-20022, CVE-2021-20023 | FiveHands, HelloKitty | cloud.google.com / ic3.gov |
| SonicOS SSL-VPN | CVE-2020-5135 | Babuk | coveware.com |
| SMA 100 | CVE-2019-7481 | HelloKitty, BlackCat | bleepingcomputer.com / blackberry.com |

Cisco

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| ASA & FTD | CVE-2023-20269 | Akira | cisco.com |
| ASA & FTD | CVE-2020-3259 | Akira | cisa.gov |

Check Point

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| Security Gateway | CVE-2024-24919 | Pioneer Kitten+, NailaoLocker | cisa.gov / orangecyberdefense.com |

Zyxel

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| Zyxel Firewall | CVE-2024-42057, CVE-2024-11667 | Helldown | blog.sekoia.io |

Linux

  • Exploitation of Linux components, such as Kernel, System libraries, Shell, and System utilities

System Utilities

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
| --- | --- | --- | --- |
| Polkit pkexec | CVE-2021-4034 ("Pwnkit") | BlackCat | crowdstrike.com |