An anonymous reader writes: A few weeks back the US and Canada were issuing joint alerts on the increase in ransomware infections. One of the reasons of those alerts is the SamSam ransomware which uses vulnerabilities in older JBoss servers to infect corporate networks with a backdoor and spread the ransomware to all users connected to the central server. Cisco has performed a thorough search on this JBoss backdoor, and found over 3.2 vulnerable servers. Looking more closely at the files and clues left behind by the usual SamSam backdoor, they've discovered 2,100 servers where the backdoor was in an inactive state, waiting to receive and spread the ransomware. The backdoor (a webshell) was also tracked down to the JexBoss project on GitHub, from where the crooks took code to build their webshell.