
If Your Business Uses Fortinet Security Software, Take Action Now
Criminals stole login credentials from Fortinet security systems and are using them to break into business networks and install ransomware.
Source
BleepingComputer
Original headline: FortiBleed credential-theft campaign linked to Lynx ransomware
Plain-English summary by GetCyberRight. Read the full report at the source above.
A large campaign to steal passwords from Fortinet security systems has been connected to ransomware attacks. Fortinet makes security equipment that many businesses use to protect their networks. Criminals stole login credentials from these systems in what is being called the FortiBleed campaign. Those stolen passwords are now being used by ransomware groups called INC and Lynx to break into company networks, lock up files, and demand payment. This matters to families because if you work for a company that uses Fortinet equipment, your employer could be targeted. A ransomware attack on your employer could mean your personal employee information (Social Security number, address, banking details for direct deposit) gets stolen. It could also mean your workplace shuts down temporarily, affecting your paycheck and job security. If your spouse or adult children work for small to medium businesses, they are especially at risk since these companies often use Fortinet products.
What you should do right now:
- Tell your IT department at work about this threat if you know your company uses Fortinet products (you can ask your IT team directly).
- Change your work computer password and any passwords you use to access work systems from home.
- Back up any important work files you are allowed to keep copies of to a personal drive or cloud storage.
- Never use your work passwords for personal accounts, and vice versa.
- If your company experiences a ransomware attack and your personal employee data is affected, immediately freeze your credit with all three credit bureaus. For long-term protection, understand that workplace security affects your personal life. Encourage your employer to take cybersecurity seriously by asking questions about how they protect employee data. At home, maintain completely separate passwords for work and personal accounts. Keep offline backups of important personal documents like tax returns, medical records, and family photos on an external hard drive that you disconnect from your computer after backing up. This protects you if either your workplace or home computer gets hit with ransomware.
Curated from trusted cybersecurity sources by GetCyberRight
Source: BleepingComputerStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles

Major Security Flaw Exposed 75,000 Business Firewalls. Here's Why It Matters to You
A security flaw called FortiBleed left 75,000 firewalls vulnerable. If your employer, school, or service provider uses Fortinet, your data may be at risk.
2 min read
Major Security Flaw Left 75,000 Business Firewalls Wide Open
A security problem called FortiBleed exposed business networks for years. If your workplace uses Fortinet systems, ask IT about updates.
2 min read
Massive Password Theft Campaign Targets Business Security Systems
Criminals stole credentials from Fortinet security systems to prepare for ransomware attacks. If your workplace uses Fortinet, discuss security updates with your IT team.
2 min read
Kubota Tractor Company Had Hackers in Its Systems for Over a Month
Kubota North America revealed hackers accessed its network systems for more than 30 days. Customer information may have been exposed during this time.
2 min read