CyberPanel users have recently been targeted by ransomware groups exploiting vulnerabilities in their instances. Among the most concerning strains are PSAUX, .encryp, and .locked ransomware, each leaving a unique mark in the form of file extensions. This post covers what you need to know about the PSAUX ransomware variant, including the available decryption script and key files identified on a threat actor’s server, providing actionable insights to help you stay secure.

A significant ransomware attack has recently exploited vulnerabilities in CyberPanel, affecting over 22,000 instances globally. PSAUX ransomware leveraged a critical security flaw, leaving these web hosting control panels compromised and effectively taken offline. Here’s an overview of the vulnerabilities exploited, the ransomware’s impact, and steps for mitigation.

Qlocker Ransomware locks user files in password protected archives on QNAP server using 7z compression utility. Ransomware author demand a ransom of 0.01 BTC to get a password for their archived files.

The Ziggy Ransomware admin announced on Telegram that they were shutting down their operation and would be releasing all of the decryption keys.

Bitdefender had released free Decryptor tool for Darkside Ransomware. Victims can now download and recover their files at no cost.