Security News > 2021 > March > Microsoft Exchange servers now targeted by BlackKingdom ransomware
Another ransomware operation known as 'Black Kingdom' is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers.
Over the weekend, security researcher Marcus Hutchins, aka MalwareTechBlog, tweeted that a threat actor was compromising Microsoft Exchange servers via the ProxyLogon vulnerabilities to deploy ransomware.
Based on submissions to ransomware identification site ID Ransomware, the Black Kingdom campaign has encrypted other victim's devices, with the first submissions seen on March 18th. Michael Gillespie, the creator of ID Ransomware, told BleepingComputer that his system has seen over 30 unique submissions to his system, with many being submitted directly from mail servers.
Another ransomware known as BlackKingdom was previously used in attacks in June 2020 when corporate networks were compromised using Pulse VPN vulnerabilities.
The Black Kingdom ransomware from June 2020 was also coded in Python.
Black Kingdom is the second confirmed ransomware targeting the Microsoft Exchange ProxyLogon vulnerabilities.
News URL
Related news
- Microsoft: August updates cause Windows Server boot issues, freezes (source)
- Microsoft: Exchange Online mistakenly tags emails as malware (source)
- Linux version of new Cicada ransomware targets VMware ESXi servers (source)
- VMware ESXi Servers Targeted by New Ransomware Variant from Cicada3301 Group (source)
- Microsoft fixes Windows Server performance issues from August updates (source)
- Ransomware gangs now abuse Microsoft Azure tool for data theft (source)
- Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware (source)
- Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector (source)
- Germany seizes 47 crypto exchanges used by ransomware gangs (source)
- Microsoft ends development of Windows Server Update Services (WSUS) (source)