The ransomware operator, known as ‘Mora_001,’ has been using these vulnerabilities to gain unauthorized access to firewall appliances and deploy the custom ransomware strain.
Researchers at Forescout have been tracking this new ransomware gang, which has shown links to the notorious LockBit group. Mora_001 has been active since January and has allegedly exploited these Fortinet vulnerabilities to secure a foothold in victims’ estates and deploy its own ransomware.
What Companies with Fortinet Should Do to Protect Themselves:
Given the severity of these vulnerabilities, it is crucial for companies using Fortinet firewalls to take immediate action to safeguard their systems. Here are some recommended steps:
- Patch Vulnerabilities: Ensure that all Fortinet firewalls are updated with the latest security patches. Fortinet has released patches for CVE-2024-55591 and CVE-2025-24472, and it is imperative to apply these patches without delay.
- Conduct Security Audits: Regularly perform security audits to identify and address any potential weaknesses in your network. This includes reviewing firewall configurations and ensuring that they are set up correctly to prevent unauthorized access.
- Implement Multi-Factor Authentication (MFA): Strengthen access controls by implementing MFA for all users accessing the firewall appliances. This adds an extra layer of security and makes it more difficult for attackers to gain access.
- Monitor Network Traffic: Continuously monitor network traffic for any unusual or suspicious activity. Early detection of potential threats can help mitigate the impact of ransomware attacks.
- Educate Employees: Conduct regular cybersecurity training sessions for employees to raise awareness about phishing attacks and other common tactics used by ransomware operators. Educated employees are less likely to fall victim to such attacks.
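
As an added example (not part of the original article and not Fortinet tooling), the following Python sketch supports the security audit and MFA steps above by parsing the `config system admin` block of a FortiOS configuration backup and flagging administrator accounts without two-factor authentication or trusted hosts. The sample configuration is constructed, the function names are hypothetical, and the rule that every admin needs both settings is an assumed audit policy.

```python
# Constructed sample of a FortiOS config backup (not from a real device).
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set trusthost1 10.10.0.0 255.255.255.0
        set two-factor fortitoken
        config gui-dashboard
            edit 1
                set name "Status"
            next
        end
    next
    edit "netops"
        set accprofile "super_admin"
    next
    edit "auditor"
        set two-factor email
    next
end
"""

def parse_admins(config_text):
    """Return {admin: {setting: value}} from the 'config system admin' block."""
    admins, current, depth = {}, None, 0   # depth 1 = inside the admin block
    for line in (raw.strip() for raw in config_text.splitlines()):
        if depth == 0:
            depth = 1 if line == "config system admin" else 0
        elif line.startswith("config "):
            depth += 1                      # nested table, e.g. gui-dashboard
        elif line == "end":
            depth -= 1                      # back to 0 closes the admin block
        elif depth == 1 and line.startswith("edit "):
            current = admins.setdefault(line[5:].strip('"'), {})
        elif depth == 1 and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip('"')
    return admins

def audit_admins(admins):
    # Assumed policy: every admin needs two-factor and a trusted-host limit.
    findings = []
    for name, cfg in admins.items():
        if cfg.get("two-factor", "disable") == "disable":
            findings.append((name, "two-factor authentication not enabled"))
        if not any("trusthost" in key for key in cfg):
            findings.append((name, "no trusted hosts configured"))
    return findings

if __name__ == "__main__":
    for name, issue in audit_admins(parse_admins(SAMPLE_CONFIG)):
        print(f"{name}: {issue}")
```

FortiOS omits settings left at their defaults from a backup, which is why a missing `two-factor` line is treated as disabled.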
By taking these proactive measures, companies can significantly reduce the risk of falling victim to the SuperBlack ransomware and protect their valuable data and systems from malicious actors. Please stay safe and if you need our security team to run a complimentary cyber security assessment, contact us to learn more!
