Statement Regarding Ransomware Threat to JBoss Application Server

Version 1

    Red Hat has become aware of an active ransomware threat affecting unpatched or unsecured servers running JBoss Application Server and products based on it.  The attack utilizeshttps://github.com/joaomatosf/jexbossJexBoss to find vulnerable JBoss systems. These attacks have leveraged out-of-date, and unsecured systems to pivot attacks to other systems on the network.

     

    The ransomware attack affects users of JBoss Application Server who have not correctly secured their JMX consoles as well as users of older, unpatched versions of JBoss enterprise products.  An update to JBoss enterprise products was produced in April 2010 to correct the flaw, CVE-2010-0738

     

    Instructions for securing the JMX console are available here:  http://community.jboss.org/wiki/SecureTheJmxConsole.

     

    Further details can be found by reading Is my JBoss / EAP Server Vulnerable to Samas Ransomware?