Block These Recently Leaked VPN Passwords to Prevent Ransomware Attacks [new data]

(Last updated on September 14, 2021)

Worried about ransomware attacks? Recent attack news indicates you should be looking to secure your VPN connections. Last week, we learned that thousands of Fortinet VPN passwords had been leaked on the dark web by a former ransomware operator. The Specops research team obtained the leaked data and is sharing the results of their analysis. This analysis coincides with the latest update to the Specops Breached Password Protection service.

According to our team’s research, which analyzed the almost 175,000 passwords included in the leak, a lot of the most common passwords used for these VPN connections were weak. “Temporal2020” was found over 835 times in the dataset while “password” was found over 1522 times as a base word used in longer passwords.

Top 10 VPN Passwords

  1. Temporal2020 
  2. 123456 
  3. asdf123 
  4. Juzgado2020 
  5. pass@123 
  6. Password1 
  7. macaw777 
  8. P@ssw0rd 
  9. U-SG-SSL-General_User 
  10. 12345678 

Top 10 Base Words Used in Fortinet VPN Passwords

  1. password 
  2. temporal 
  3. juzgado 
  4. pass 
  5. welcome 
  6. p@ssw0rd 
  7. promesa 
  8. v3nt 
  9. asdf
  10. test 

The Fortinet leak comes just a few months after the Colonial Pipeline ransomware attack which was the result of a compromised VPN password.

In addition to the leaked VPN passwords, Specops updated the Specops Breached Password Protection with an additional 2 million passwords, likely to be used in network attacks. The additions come from 3rd party research as well as the Specops team’s internal attack monitoring systems that are set to capture passwords being used in spray attacks right now.

“This leak is unfortunate but not completely surprising. We know that ransomware attacks are continuing to rise and that the VPN password is a popular path in to then deploy ransomware,” said Product Specialist Darren James. “We saw it with the Colonial Pipeline attack, and now we see it here with this VPN leak. VPN passwords are still vulnerable and this data shows that people are still not choosing strong passwords. Even when preventing ransomware, organizations need to remember the security basics – enforce strong passwords checked against a breached list.”

Curious if you have any of these passwords in use in your organization’s Active Directory? You can find out how many of your Active Directory users are using compromised passwords like these by running a free, read-only scan with Specops Password Auditor. Read more and download it here.

With Specops Password Policy and Breached Password Protection, companies can block over 2 billion compromised passwords (including the ones from this Fortinet leak) in Active Directory. These compromised passwords include ones used in real attacks today or are on known breached password lists, making it easy to comply with industry regulations such as NIST or NCSC. Our research team’s attack monitoring data collection systems update the service daily and ensure networks are protected from real world password attacks happening right now. The Breached Password Protection service blocks these banned passwords in Active Directory with customizable end-user messaging that helps reduce calls to the service desk.

About Specops Software

Specops Software is the leading provider of password management and authentication solutions. Specops protects your business data by blocking weak passwords and securing user authentication. With a complete portfolio of solutions natively integrated with Active Directory, Specops ensures sensitive data is stored on-premises and in your control. Every day thousands of organizations use Specops Software to protect business data.

Media Contact

Media contact details can be found on this page.

Back to Blog