BlackKingdom ransomware still exploiting insecure Exchange servers (Security News, March 2021)

The attackers exploited the Exchange bugs to write a booby-trapped web file, known as a webshell, onto a vulnerable server.
Although Hafnium attacks were associated with Microsoft Exchange in media coverage, the attacks these crooks were carrying out once they got in were not specific to networks using Exchange.
Although Hafnium was associated with data exfiltration and thus with potential industrial espionage, intrusions via these Exchange bugs could lead to many other crimes, notably including ransomware attacks.
It's the last of these issues that concerns us here, because the Sophos Managed Threat Response team recently investigated a number of cases in which networks that hadn't been patched against the abovementioned Exchange bugs had been infiltrated and attacked by a strain of ransomware going by the dramatic name of BlackKingdom.
Although BlackKingdom is not technically sophisticated, that's cold comfort if it's just scrambled all your files.
So could any other crooks who came across your unpatched servers before, during or after the BlackKingdom attack.