icefire attacks Kod hosting

Incident Date: August 20, 2022

Overview

Title: icefire attacks Kod hosting

Victim: Kod hosting

Attacker: Icefire

Location: Sütlüce Mahallesi İmrahor Caddesi Haliç Park Plaza no:2/1 Kat:5 Daire:13, Turkey; Beyoğlu/İstanbul, Turkey

First Reported: August 20, 2022

IceFire Ransomware Targets Kod Hosting

Company Profile

Kod Hosting is a web hosting provider that offers a range of services, including DDR5 RAM servers, OwnCloud hosting, and SSL certificates. The company's website is http://kodhosting.com.

Vulnerabilities

IceFire ransomware targets Linux systems, exploiting vulnerabilities such as CVE-2022-47986, a critical remote code execution (RCE) vulnerability in IBM Aspera with a CVSS rating of 9.8. The attackers use this vulnerability to deploy their payloads and encrypt the victims' Linux systems.

Impact

The IceFire ransomware attack on Kod Hosting has resulted in the encryption of files on the company's Linux systems, with the attackers demanding payment in exchange for the key to decrypt them. The attack has caused disruption to the company's operations and potentially put sensitive data at risk.

The IceFire ransomware attack on Kod Hosting underscores the growing trend of ransomware targeting Linux systems, which are increasingly being used in enterprise settings for critical tasks such as hosting databases, web servers, and other mission-critical applications. Companies operating in the Media & Internet sector, like Kod Hosting, should be aware of this trend and take appropriate measures to secure their Linux systems against ransomware attacks.