Threat actors are actively exploiting CVE-2024-40711, a now-patched security flaw in Veeam Backup & Replication rated 9.8/10, to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos reported that it has been tracking attacks that leverage compromised VPN credentials together with the flaw to create local accounts and deploy ransomware. The attackers used Veeam on port 8000 to spawn net.exe and create a local account. In one case, Fog ransomware was deployed to an unprotected Hyper-V server; the other ransomware attempts were unsuccessful. The active exploitation prompted an advisory from NHS England, which cautioned that enterprise backup and disaster recovery applications are valuable targets for cyber threat groups. The activity comes amid other developments, including the emergence of Lynx ransomware and the healthcare sector's encounters with Trinity ransomware and a MedusaLocker variant. https://thehackernews.com/2024/10/critical-veeam-vulnerability-exploited.html