Beware of ransomware attacks happening on ColdFusion 9 and earlier

Posted At : October 11, 2021 11:08 PM | Posted By : Charlie Arehart
Related Categories: updates, cf9, security
Comments: (0)

If you're running CF9 or 8, beware: a recent spate of ransomware attacks have occurred, hitting such old CF servers that were not updated (in ways offered by Adobe in 2010!) This news has been reported in various security industry press, but I want to share here more that they generally did not.

TLDR; A most basic message to hear is "get off of CF9", or any version of CF that is no longer supported. But for the sake of those who wonder, "while I work on that, is my CF 9 really impacted?", I address that, and more. But again updating 9 to just "leave it at that" and get on with your life is NOT the main message to be hearing!

Of course, it's always risky to run old versions of software, and to be clear, CF9 was released in 2009 and CF8 in 2007. Sadly, some shops drag their feet to keep even such old software updated (they each got updates for 5 years after their release). But the problem is really coming home to roost for some.

Who's affected, and who's not? And what can you do, if still on CF9 or 8? And what more is known about the attack?

For more, read on. (BTW, yes I am aware that this is not "new info", as some were sharing it as much as 2 weeks ago. It simply took me time to gather up all the info below, to provide more specifics than those general interest articles were sharing.)

[....Continue Reading....]

Comments (0)

Comments

There are no comments for this entry.

[Add Comment]

Enter your email address to subscribe to this blog.

Recent Comments

Beware that latest Oracle JDK installers will REMOVE older JDK installs of that version
Charlie Arehart said: Eric, thanks so much. I'd indeed missed that news, which is first partly because I find few people s ... [more]

Beware that latest Oracle JDK installers will REMOVE older JDK installs of that version
eric said: As of build 381 of JDK 8 with the exe or MSI will act the same way and remove older versions.

New updates released for Java 8, 11, 17, 21, and 22 as of Apr 16 2024: resources and thoughts
Charlie Arehart said: I'll say first that you can indeed update the jvm Lucee uses, just as you can with CF, though like C ... [more]

New updates released for Java 8, 11, 17, 21, and 22 as of Apr 16 2024: resources and thoughts
Chris said: Hi, we're new to Lucee (have previously been running on Adobe CF for some time). We've noticed that ... [more]

Recordings available for the recent 17-session Adobe ColdFusion Summit Online 2024
Gavin Pickin - Ortus Solutions said: Thanks Charlie for Compiling this, and also explaining the reasons behind the records from Las Vegas ... [more]

Calendar

Sun	Mon	Tue	Wed	Thu	Fri	Sat
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

Entries by year

2024

April (4)
March (1)
February (2)
January (6)

2023 (33)
2022 (20)
2021 (18)
2020 (17)
2019 (23)
2018 (15)
2017 (14)
2016 (17)
2015 (10)
2014 (19)
2013 (18)
2012 (32)
2011 (21)
2010 (30)
2009 (52)
2008 (95)
2007 (94)
2006 (94)

RSS

Contact

About

A veteran server troubleshooter who's worked in enterprise IT for more than three decades, Charlie Arehart (@carehart) is a longtime contributor to the community who as an independent consultant provides remote, short-term, and even on-demand troubleshooting/tuning assistance for organizations of all sizes and experience levels (carehart.org/consulting).

You can reach Charlie by email at charlie (at) carehart.org, or you can follow him on twitter, @carehart. This blog is one resource among several within https://www.carehart.org/, where you can also find out more about him.

In fact, if you'd like his help, he's available for consulting for as little as 15 minutes.

Appreciate any of the resources I've offered?

Archives By Subject

admin (97) [RSS]
apache (10) [RSS]
API Manager (4) [RSS]
basics (8) [RSS]
blogging (14) [RSS]
business (2) [RSS]
carehart classics (26) [RSS]
CF Server Monitor (26) [RSS]
cf10 (58) [RSS]
cf11 (43) [RSS]
cf2016 (56) [RSS]
CF2016 Intro Series (8) [RSS]
cf2018 (53) [RSS]
cf2021 (45) [RSS]
cf2023 (25) [RSS]
cf411 series (10) [RSS]
cf8 (52) [RSS]
cf9 (33) [RSS]
cf911 (54) [RSS]
CFBuilder (20) [RSS]
CFFundamentals (5) [RSS]
cfml (35) [RSS]
cfmx (8) [RSS]
cfmythbusters (7) [RSS]
commandbox (3) [RSS]
community (24) [RSS]
connector (8) [RSS]
contributions (13) [RSS]
debugging (13) [RSS]
derby (5) [RSS]
docker (7) [RSS]
editors (10) [RSS]
evangelism (5) [RSS]
fusionreactor (62) [RSS]
general (59) [RSS]
hidden gems (12) [RSS]
homesite+ (3) [RSS]
hotfix (21) [RSS]
IIS (12) [RSS]
installation (8) [RSS]
introduction (2) [RSS]
java (42) [RSS]
javascript (2) [RSS]
jdbc (10) [RSS]
keyboard shortcuts (5) [RSS]
licensing (1) [RSS]
logs (7) [RSS]
lucee (19) [RSS]
monitoring (42) [RSS]
news (21) [RSS]
orm (2) [RSS]
performance (13) [RSS]
personal (3) [RSS]
PMT (5) [RSS]
podcasts (5) [RSS]
presentations (27) [RSS]
railo (10) [RSS]
resource lists (26) [RSS]
security (26) [RSS]
seefusion (11) [RSS]
sql server (14) [RSS]
tips (22) [RSS]
tomcat (8) [RSS]
tools (44) [RSS]
training (8) [RSS]
troubleshooting (71) [RSS]
tuning (14) [RSS]
ugtv (11) [RSS]
updates (51) [RSS]
web services (8) [RSS]
webserver (5) [RSS]
writing (20) [RSS]
zeus (3) [RSS]

Upcoming/Recent Conference Appearances

Adobe CF Summit East
Apr 2024

Into The Box
May 2024

CFCamp
June 2024

BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by