Security News > 2021 > March > Microsoft Exchange servers now targeted by Black Kingdom ransomware

Another ransomware operation known as 'Black Kingdom' is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers.
Over the weekend, security researcher Marcus Hutchins, aka MalwareTechBlog, tweeted that a threat actor was compromising Microsoft Exchange servers via the ProxyLogon vulnerabilities to deploy ransomware.
Based on submissions to ransomware identification site ID Ransomware, the Black Kingdom campaign has encrypted other victims' devices, with the first submissions seen on March 18th. Michael Gillespie, the creator of ID Ransomware, told BleepingComputer that his system has seen over 30 unique submissions, with many being submitted directly from mail servers.
Another ransomware known as BlackKingdom was previously used in attacks in June 2020 when corporate networks were compromised using Pulse VPN vulnerabilities.
The Black Kingdom ransomware from June 2020 was also coded in Python.
Black Kingdom is the second confirmed ransomware targeting the Microsoft Exchange ProxyLogon vulnerabilities.