Microsoft Exchange servers are under attack once again cybercriminal
Microsoft Exchange servers are once again under attack as a security researcher has discovered a new campaign known as “BlackKingdom” that leverages the ProxyLogon vulnerabilities to deploy ransomware.
As reported by BleepingComputer, security researcher Marcus Hutchins from MalwareTechBlog detailed his discovery in a recent series of tweets, saying:
“Someone just ran this script on all vulnerable Exchange servers via ProxyLogon vulnerability. It claims to be BlackKingdom “Ransomware”, but it doesn’t appear to encrypt files, just drops a ransom note to every directory. According to my honeypot backlog, the same attacker ran the following script a few days prior, but it failed.”
While the attackers tried to push ransomware to Hutchins’ honeypots, they did not become encrypted which suggests that he witnessed a failed attack.
BlackKingdom
Although the attackers unsuccessfully tried to encrypt Hutchin’s honeypots, submissions to the ransomware identification site ID Ransomware show that BlackKingdom was successfully able to encrypt other victim’s devices in mid-March.
So far BlackKingdom has infected victims in the US, Canada, Austrai, Switzerland, Russia, France, Israel, the UK, Italy, Germany, Greece, Australia and Croatia.
When successfully deployed, the ransomware encrypts files using random extensions and then leaves a ransom note named decrypt_file.TxT. However, in his research, Hutchins found a different ransom note named ReadMe.txt which used text that is slightly different. Both ransom notes request that victims pay $10,000 in bitcoin to unencrypt their servers.
This isn’t the first time that a ransomware known as BlackKingdom has been observed in the wild. Back in June of last year, another ransomware by the same name was used to compromise corporate networks by exploiting vulnerabilities in Pulse VPN. Although it has yet to be confirmed, both versions of the BlackKingdom ransomware were written in Python.
Another ransomware known as DearCry was also used to launch attacks against Microsoft Exchange servers by exploiting the ProxyLogon vulnerabilities earlier this month.
Via BleepingComputer
Microsoft Exchange servers are once again under attack as a security researcher has discovered a new campaign known as “BlackKingdom” that leverages the ProxyLogon vulnerabilities to deploy ransomware. As reported by BleepingComputer, security researcher Marcus Hutchins from MalwareTechBlog detailed his discovery in a recent series of tweets, saying: “Someone just…
Recent Posts
- Threads wants to let you wipe your old posts away
- Drake threatened with lawsuit over diss track featuring AI Tupac
- The next HomePod could be more like a soundbar according to this Apple patent – and it hints at fixing the HomePod 2’s biggest issue
- Adobe’s next big project is an AI that can upscale low-res video to 8x its original quality
- PUBG will take a nostalgia-infused trip back to its first map in May
Archives
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011