Security News > 2021 > March > Microsoft Exchange servers now targeted by Black Kingdom ransomware

Microsoft Exchange servers now targeted by Black Kingdom ransomware
2021-03-22 13:07

Another ransomware operation known as 'Black Kingdom' is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers.

Over the weekend, security researcher Marcus Hutchins, aka MalwareTechBlog, tweeted that a threat actor was compromising Microsoft Exchange servers via the ProxyLogon vulnerabilities to deploy ransomware.

Based on submissions to ransomware identification site ID Ransomware, the Black Kingdom campaign has encrypted other victim's devices, with the first submissions seen on March 18th. Michael Gillespie, the creator of ID Ransomware, told BleepingComputer that his system has seen over 30 unique submissions to his system, with many being submitted directly from mail servers.

Another ransomware known as BlackKingdom was previously used in attacks in June 2020 when corporate networks were compromised using Pulse VPN vulnerabilities.

The Black Kingdom ransomware from June 2020 was also coded in Python.

Black Kingdom is the second confirmed ransomware targeting the Microsoft Exchange ProxyLogon vulnerabilities.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-now-targeted-by-black-kingdom-ransomware/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5128 264 7775