Vulnerability Watch

Forum Discussion

snarang
Product Team
6 years ago

“Big Game” Ransomware Attacks Leverage Critical Pulse Connect Secure Vulnerability (CVE-2019-11510)

Earlier this month, security researcher Kevin Beaumont published a blog detailing his discovery of two “notable incidents” of organizations being hit by “big game” ransomware through the use of a vulnerability in a popular Secure Socket Layer (SSL) Virtual Private Network (VPN) solution.

The flaw, CVE-2019-11510, is an arbitrary file disclosure vulnerability in Pulse Connect Secure, the SSL VPN produced by Pulse Secure and used by large organizations and governments around the world. 

The organizations breached using this vulnerability were infected with a strain of ransomware called Sodinokibi, also known as Sodin or REvil. Sodinokibi first made its big splash in April 2019 by utilizing a zero-day exploit in Oracle WebLogic Server, which is identified as CVE-2019-2725.

For more information about the Pulse Secure vulnerability, Sodinokibi, as well as patching information, please visit our blog.

2 Replies

  • Anonymous

    Thank you, it's really good information.