Security News > 2021 > May > New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers

A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network.

Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility.

Incident responders at cybersecurity company Sophos discovered the new Epsilon Red ransomware over the past week while investigating an attack at a fairly large U.S. company in the hospitality sector.

One of these, c.ps1, seems to be a clone of the penetration testing tool Copy-VSS. After breaching the network, the hackers reach machines over RDP and use Windows Management Instrumentation to install software and run PowerShell scripts that ultimately deploy Epsilon Red executable.

In typical ransomware fashion, Epsilon Red drops in each processed folder the ransom note with instructions on how to contact the attackers for negotiating a data decryption price.

Despite being new in the ransomware business, the Epsilon Red ransomware gang has attacked several companies and the incidents are being investigated by multiple cybersecurity firms.

News URL

https://www.bleepingcomputer.com/news/security/new-epsilon-red-ransomware-hunts-unpatched-microsoft-exchange-servers/