In March 2023, the vulnerability CVE-2023-27532 was disclosed, yet one company failed to patch their systems in time. This oversight led to a devastating ransomware attack by EstateRansomware in April 2024.

The attackers exploited a dormant account through FortiGate VPN, infiltrating the failover server. They deployed a persistent backdoor, harvested credentials, and disabled defenses, ultimately deploying ransomware that caused significant damage.

Group-IB’s Digital Forensics and Incident Response (DFIR) team investigated, tracing the attack from the initial breach to the ransomware deployment. Our analysis provides crucial insights and practical recommendations to help cybersecurity professionals prevent similar incidents.

Read the full story to learn how timely updates and regular security reviews can protect your organization from such threats.

#CyberSecurity #Ransomware #Vulnerability #GroupIB #DFIR