Security News > 2021 > May > New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers
A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network.
Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility.
Incident responders at cybersecurity company Sophos discovered the new Epsilon Red ransomware over the past week while investigating an attack at a fairly large U.S. company in the hospitality sector.
One of these, c.ps1, seems to be a clone of the penetration testing tool Copy-VSS. After breaching the network, the hackers reach machines over RDP and use Windows Management Instrumentation to install software and run PowerShell scripts that ultimately deploy Epsilon Red executable.
In typical ransomware fashion, Epsilon Red drops in each processed folder the ransom note with instructions on how to contact the attackers for negotiating a data decryption price.
Despite being new in the ransomware business, the Epsilon Red ransomware gang has attacked several companies and the incidents are being investigated by multiple cybersecurity firms.
News URL
Related news
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Microsoft says more ransomware stopped before reaching encryption (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)