More than 2,000 machines at schools and other organizations have been infected with a backdoor in unpatched versions of JBoss that could be used at any moment to install ransomware such as Samsam.
That's according to Cisco's Talos threat-intelligence organization, which on Friday announced that roughly 3.2 million machines worldwide are at risk.
Many of those already infected run Follett's Destiny library-management software, which is used by K-12 schools worldwide.
"Follett identified the issue and immediately took actions to address and close the vulnerability," the company told Cisco.
Follett provides patches for systems running versions 9.0 to 13.5 of its software and says it will help remove any backdoors. Its technical support staff will reach out to customers found to have suspicious files on their systems.