CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
99.9%
attack.mitre.org/versions/v15/matrices/enterprise/
attack.mitre.org/versions/v15/software/S0002/
attack.mitre.org/versions/v15/software/S0002/
attack.mitre.org/versions/v15/software/S0029/
attack.mitre.org/versions/v15/software/S0029/
attack.mitre.org/versions/v15/software/S0154/
attack.mitre.org/versions/v15/software/S0154/
attack.mitre.org/versions/v15/techniques/T1003/
attack.mitre.org/versions/v15/techniques/T1003/
attack.mitre.org/versions/v15/techniques/T1018/
attack.mitre.org/versions/v15/techniques/T1018/
attack.mitre.org/versions/v15/techniques/T1021/001/
attack.mitre.org/versions/v15/techniques/T1021/001/
attack.mitre.org/versions/v15/techniques/T1036/
attack.mitre.org/versions/v15/techniques/T1036/
attack.mitre.org/versions/v15/techniques/T1046/
attack.mitre.org/versions/v15/techniques/T1046/
attack.mitre.org/versions/v15/techniques/T1047/
attack.mitre.org/versions/v15/techniques/T1047/
attack.mitre.org/versions/v15/techniques/T1048/002/
attack.mitre.org/versions/v15/techniques/T1048/002/
attack.mitre.org/versions/v15/techniques/T1048/003/
attack.mitre.org/versions/v15/techniques/T1048/003/
attack.mitre.org/versions/v15/techniques/T1059/001/
attack.mitre.org/versions/v15/techniques/T1059/001/
attack.mitre.org/versions/v15/techniques/T1059/001/
attack.mitre.org/versions/v15/techniques/T1068/
attack.mitre.org/versions/v15/techniques/T1070/
attack.mitre.org/versions/v15/techniques/T1070/
attack.mitre.org/versions/v15/techniques/T1098/
attack.mitre.org/versions/v15/techniques/T1098/
attack.mitre.org/versions/v15/techniques/T1110/003/
attack.mitre.org/versions/v15/techniques/T1110/003/
attack.mitre.org/versions/v15/techniques/T1136/
attack.mitre.org/versions/v15/techniques/T1136/
attack.mitre.org/versions/v15/techniques/T1190/
attack.mitre.org/versions/v15/techniques/T1190/
attack.mitre.org/versions/v15/techniques/T1210/
attack.mitre.org/versions/v15/techniques/T1210/
attack.mitre.org/versions/v15/techniques/T1219/
attack.mitre.org/versions/v15/techniques/T1219/
attack.mitre.org/versions/v15/techniques/T1486/
attack.mitre.org/versions/v15/techniques/T1486/
attack.mitre.org/versions/v15/techniques/T1490/
attack.mitre.org/versions/v15/techniques/T1490/
attack.mitre.org/versions/v15/techniques/T1537/
attack.mitre.org/versions/v15/techniques/T1537/
attack.mitre.org/versions/v15/techniques/T1562/001/
attack.mitre.org/versions/v15/techniques/T1562/001/
attack.mitre.org/versions/v15/techniques/T1566/
attack.mitre.org/versions/v15/techniques/T1566/
attack.mitre.org/versions/v15/techniques/T1588/005/
attack.mitre.org/versions/v15/techniques/T1588/005/
cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?product=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a
github.com/cisagov/cset/releases/tag/v10.3.0.0
github.com/cisagov/Decider/
hhscyber.hhs.gov/
pages.nist.gov/800-63-3/
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
redskyalliance.org/xindustry/knight-ransomware
twitter.com/CISAgov
twitter.com/intent/tweet?text=%23StopRansomware%3A%20RansomHub%20Ransomware+https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a
www.bleepingcomputer.com/news/security/knight-ransomware-distributed-in-fake-tripadvisor-complaint-emails/
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals#DetectingRelevantThreatsandTTPs3A
www.cisa.gov/cross-sector-cybersecurity-performance-goals#DisableMacrosbyDefault2N
www.cisa.gov/cross-sector-cybersecurity-performance-goals#EmailSecurity2M
www.cisa.gov/cross-sector-cybersecurity-performance-goals#LogCollection2T
www.cisa.gov/cross-sector-cybersecurity-performance-goals#MitigatingKnownVulnerabilities1E
www.cisa.gov/cross-sector-cybersecurity-performance-goals#MitigatingKnownVulnerabilities1E)
www.cisa.gov/cross-sector-cybersecurity-performance-goals#NetworkSegmentation2F
www.cisa.gov/cross-sector-cybersecurity-performance-goals#PhishingResistantMultifactorAuthenticationMFA2H
www.cisa.gov/cyber-hygiene-services
www.cisa.gov/news-events/news/best-practices-mitre-attckr-mapping
www.cisa.gov/report
www.cisa.gov/resources-tools/resources/secure-by-design
www.cisa.gov/resources-tools/resources/stopransomware-guide
www.cisa.gov/resources-tools/services/logging-made-easy
www.cisa.gov/securebydesign
www.cisa.gov/stopransomware
www.cve.org/CVERecord?id=CVE-2017-0144
www.cve.org/CVERecord?id=CVE-2020-0787
www.cve.org/CVERecord?id=CVE-2020-1472
www.cve.org/CVERecord?id=CVE-2023-22515
www.cve.org/CVERecord?id=CVE-2023-27997
www.cve.org/CVERecord?id=CVE-2023-3519
www.cve.org/CVERecord?id=CVE-2023-46604
www.cve.org/CVERecord?id=CVE-2023-46747
www.cve.org/CVERecord?id=CVE-2023-48788
www.cvedetails.com/cwe-details/122/Heap-based-Buffer-Overflow.html
www.cvedetails.com/cwe-details/288/Authentication-Bypass-Using-an-Alternate-Path-or-Channel.html
www.cvedetails.com/cwe-details/306/Missing-Authentication-for-Critical-Function.html
www.cvedetails.com/cwe-details/502/Deserialization-of-Untrusted-Data.html
www.cvedetails.com/cwe-details/787/Out-of-bounds-Write.html
www.cvedetails.com/cwe-details/89/Improper-Neutralization-of-Special-Elements-used-in-an-SQL-C.html
www.cvedetails.com/cwe-details/94/Improper-Control-of-Generation-of-Code-Code-Injection-.html
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a&title=%23StopRansomware%3A%20RansomHub%20Ransomware
www.fbi.gov/contact-us/field-offices
www.fortinet.com/blog/threat-research/ransomware-roundup-knight
www.ic3.gov/Home/ComplaintChoice
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a
www.oig.dhs.gov/
www.stopransomware.gov/
www.uptycs.com/blog/threat-research-report-team/cyclops-ransomware-stealer-combo
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=%23StopRansomware%3A%20RansomHub%20Ransomware&body=www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
99.9%