Security News > 2021 > March > Microsoft: Black Kingdom ransomware hacked 1.5K Exchange servers
Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks.
More than 30 Black Kingdom submissions coming directly from impacted mail servers have been added to ransomware identification site ID Ransomware starting on March 18.
While the ransomware gang failed to encrypt any files on Hutchins' honeypots, the ID Ransomware submissions are all from successfully encrypted Exchange servers.
While a connection has not yet been made, another ransomware dubbed Black Kingdom targeted corporate networks with Pulse Secure VPN exploits in June 2020.
BleepingComputer has confirmed that last year's Black Kingdom ransomware was also a Python-based malware.
Black Kingdom is the second confirmed ransomware that targets unpatched Microsoft Exchange servers with ProxyLogon exploits.
News URL
Related news
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in October (source)
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)
- One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)