BlackKingdom ransomware still exploiting insecure Exchange servers
2021-03-23 23:29

The attackers exploit the Exchange bugs to write a booby-trapped web file, called a webshell, onto a vulnerable server.

Although Hafnium attacks were associated with Microsoft Exchange in media coverage, the attacks these crooks were carrying out once they got in were not specific to networks using Exchange.

Although Hafnium was associated with data exfiltration and thus with potential industrial espionage, intrusions via these Exchange bugs could lead to many other crimes, notably including ransomware attacks.

It's the last of these issues that concerns us here, because the Sophos Managed Threat Response team recently investigated a number of cases in which networks that hadn't been patched against the abovementioned Exchange bugs had been infiltrated and attacked by a strain of ransomware going by the dramatic name of BlackKingdom.

Although BlackKingdom is not technically sophisticated, that's cold comfort if it's just scrambled all your files.

So could any other crooks who came across your unpatched servers before, during or after the BlackKingdom attack.


News URL

https://nakedsecurity.sophos.com/2021/03/23/blackkingdom-ransomware-still-exploiting-insecure-exchange-servers/