Security News > 2021 > March > More Ransomware Gangs Targeting Vulnerable Exchange Servers
The Black Kingdom/Pydomer ransomware operators have joined the ranks of threat actors targeting the Exchange Server vulnerabilities that Microsoft disclosed in early March.
"As of today, we have seen a significant decrease in the number of still-vulnerable servers - more than 92% of known worldwide Exchange IPs are now patched or mitigated. We continue to work with our customers and partners to mitigate the vulnerabilities," Microsoft noted in a March 25 blog post.
The tech company reveals that additional ransomware families and botnets are now attempting to compromise the vulnerable servers.
Known to be targeting publicly disclosed vulnerabilities, including Pulse Secure VPN flaws, Pydomer operators were observed mass scanning for and attempting to compromise unpatched Exchange servers.
"While still maintaining their normal email-based campaigns, the Lemon Duck operators compromised numerous Exchange servers and moved in the direction of being more of a malware loader than a simple miner," Microsoft explains.
The company also underlines that attacks targeting Exchange servers may continue to impact organizations even after patches have been applied, through the use of stolen credentials, or persistent access.
News URL
Related news
- Linux version of new Cicada ransomware targets VMware ESXi servers (source)
- VMware ESXi Servers Targeted by New Ransomware Variant from Cicada3301 Group (source)
- Germany seizes 47 crypto exchanges used by ransomware gangs (source)
- US sanctions crypto exchanges used by Russian ransomware gangs (source)