A new human-operated ransomware strain known as Cring encrypts industrial sector companies’ networks. Attackers exploit Internet-exposed Fortigate SSL VPN servers unpatched against the CVE-2018-13379 vulnerability, which allows them to breach their targets’ network. Cring ransomware encrypts only specific files on the compromised devices using strong encryption algorithms (RSA-8192 + AES-128) after removing backup files and killing Microsoft Office and Oracle Database processes. It then drops ransom notes warning victims that their network was encrypted and that they need to hurry to pay the ransom.
Source: https://www.bleepingcomputer.com/news/security/new-cring-ransomware-hits-unpatched-fortinet-vpn-devices/