JungleSec ransomware first surfaced on the web in the last days of November. At first, ransomware removal experts couldn’t discern how this cryptovirological strain infiltrated the targeted devices. After inspecting the affected servers, however, they concluded that the JungleSec operators used vulnerabilities in the Intelligent Platform Management Interface (IPMI) to infiltrate the targeted devices.
What is IPMI?
IPMI is a management interface built into server hardware (embedded on the motherboard or supplied as an add-on card) that lets organizations manage their servers remotely. It is especially convenient for organizations that rent servers to run their digital operations.
According to the available details, the IPMI interfaces of the affected devices were unprotected, and the operators used this vulnerability to drop the cryptovirological payload. It is worth mentioning that JungleSec can affect every device regardless of its operating system. Its shenanigans are not limited to Windows: Linux and Mac users with IPMI integration have also been targeted by JungleSec.
In the ransom note, the attackers warn users not to use brute-force cracking to decode the encryption. They demand 0.3 Bitcoin for the ransomware removal key and promise to provide the solution within 24 hours of the ransom payment. It is still unclear which encryption algorithm JungleSec is built on.
The infiltration mechanism of JungleSec clearly indicates that cryptovirological operators are quickly improving and expanding their ransomware scripts. It also suggests that ransomware removal has to be a dynamic skill that keeps evolving with the threat.
Protection of IPMI
It has been noted that all the affected users were running IPMI with default passwords, which were easy to brute-force. To secure your IPMI interfaces from JungleSec or any other malware activity, set a long password that combines letters, digits, and symbols.
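One way to apply the password advice above when provisioning a BMC account, as an added example that is not part of the original article. The function names, the 16-character minimum, the symbol set and the small denylist of factory defaults are assumptions made for illustration; the 20-byte ceiling reflects the IPMI 2.0 password field.

```python
import secrets
import string

# Assumption: IPMI 2.0 user passwords are capped at 20 bytes (IPMI 1.5 at 16).
IPMI_MAX_LEN = 20
MIN_LEN = 16  # assumed local policy, not taken from the article
SYMBOLS = "!#%+-_=@^~"  # conservative set; some BMC front ends reject other symbols
# Constructed, illustrative denylist of common factory defaults; extend from vendor docs.
DEFAULTS = {"admin", "password", "calvin", "passw0rd", "root", "changeme"}


def audit_password(pw: str, username: str = "") -> list[str]:
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if len(pw.encode("utf-8")) > IPMI_MAX_LEN:
        problems.append("exceeds the 20-byte IPMI 2.0 limit")
    if len(pw) < MIN_LEN:
        problems.append("shorter than 16 characters")
    if pw.lower() in DEFAULTS or (username and pw.lower() == username.lower()):
        problems.append("matches a factory default or the username")
    if not any(c.isalpha() for c in pw):
        problems.append("no letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not any(not c.isalnum() for c in pw):
        problems.append("no symbols")
    return problems


def generate_password(length: int = IPMI_MAX_LEN) -> str:
    """Generate a random password that passes audit_password()."""
    if not MIN_LEN <= length <= IPMI_MAX_LEN:
        raise ValueError("length must be between 16 and 20")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        # secrets draws from the OS CSPRNG; retry until every class is present.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit_password(pw):
            return pw


if __name__ == "__main__":
    print("factory-style password:", audit_password("ADMIN", username="ADMIN"))
    print("generated replacement passes:", audit_password(generate_password()) == [])
```

Run the audit against every enabled BMC account, not only the primary administrator, since a single account left on its factory password is enough to expose the interface.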