Warning of serious vulnerabilities in HP iLO servers! (UBRiLo Ransomware Attack)

Last night, UBCERT (the CERT of the University of Bojnurd) revealed that attackers have carried out successful ransomware attacks against HP servers using vulnerabilities in the HP iLO service. Victims have found their HP servers shut down, their RAID configuration damaged, and in some cases the entire storage space encrypted. Reliable observations suggest that, as of this writing, almost none of the first victims of the UBRiLo attack have paid the requested amount.
The iLO service, which is provided through a separate physical port, is usually used by network administrators to monitor and manage HP servers, and it is strongly recommended that, if used, it be connected to an isolated network. Note that the iLO interface remains active even when the server is off.
This warning is published after Iran's CERT center and its collaborating research institutes notified all administrators of vulnerable systems in the country's IP space.
To prevent this attack, named UBRiLo, IT administrators are strongly advised to avoid using valid IP addresses on their iLO ports and to update iLO to the latest version. Finally, IT admins are encouraged to take greater care in backing up their critical information.
The UBCERT team is ready to share information related to this attack with other CERTs or possible victims through Cert@UBCert.ir.
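
The two network recommendations above (keep iLO on an isolated network, and no valid IP address on the iLO port) can be checked against a server inventory. The following Python script is an added example, not UBCERT's tooling; it reads "valid IP address" as a publicly routable address, and the management subnet, CSV column names and inventory rows are constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumption: the isolated network(s) reserved for iLO ports at this site.
MGMT_NETWORKS = [ipaddress.ip_network("10.250.0.0/24")]

# Address space that is not routed on the public Internet
# (RFC 1918, RFC 6598 shared space, link-local, loopback, IPv6 ULA).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "169.254.0.0/16", "127.0.0.0/8", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed inventory. 203.0.113.0/24 is a documentation range that
# stands in here for a real public address.
SAMPLE_INVENTORY = """host,ilo_ip
db01,10.250.0.11
web02,203.0.113.40
app03,192.168.10.5
old04,not-set
"""

def classify(ilo_ip):
    """Return OK, NOT_ISOLATED, PUBLIC or UNKNOWN for one iLO address."""
    try:
        addr = ipaddress.ip_address(ilo_ip.strip())
    except ValueError:
        return "UNKNOWN"        # unrecorded or malformed: needs a manual check
    if any(addr in net for net in MGMT_NETWORKS):
        return "OK"             # inside the isolated management network
    if any(addr in net for net in NON_PUBLIC):
        return "NOT_ISOLATED"   # private, but shares a network with other hosts
    return "PUBLIC"             # reachable address on the iLO port

def audit(inventory_csv):
    """Return (host, ilo_ip, status) for every non-OK row, worst first."""
    order = {"PUBLIC": 0, "NOT_ISOLATED": 1, "UNKNOWN": 2}
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["ilo_ip"])
        if status != "OK":
            findings.append((row["host"], row["ilo_ip"], status))
    return sorted(findings, key=lambda f: order[f[2]])

if __name__ == "__main__":
    for host, ip, status in audit(SAMPLE_INVENTORY):
        print(f"{status:13} {host:6} {ip}")
```

Because the iLO interface stays active while the server is powered off, the inventory should include decommissioned and powered-down machines as well.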
