Security News > 2021 > November > Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware
A new threat actor is hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell vulnerability to deploy the Babuk Ransomware.
The ProxyShell attacks against vulnerable Microsoft Exchange servers started several months ago, with LockFile and Conti being among the first ransomware groups to exploit them.
According to a report by researchers at Cisco Talos, a Babuk ransomware affiliate known as 'Tortilla' had joined the club in October, when the actor started using the 'China Chopper' web shell on breached Exchange servers.
Babuk Locker is a ransomware operation launched at the beginning of 2021 when it began targeting businesses and encrypting their data in double-extortion attacks.
After the source code for the first version of Babuk and a builder were leaked on hacking forums, other threat actors began utilizing the ransomware to launch their own attacks.
As the ransom note used in these attacks ask for a low $10,000 in Monero, it is likely not conducted by the original Babuk operation, who demanded far larger ransomware in Bitcoin.
News URL
Related news
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- US seizes domain of Garantex crypto exchange used by ransomware gangs (source)
- International cops seize ransomware crooks' favorite Russian crypto exchange (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- New SuperBlack ransomware exploits Fortinet auth bypass flaws (source)
- Microsoft isn't fixing 8-year-old shortcut exploit abused for spying (source)
- Microsoft Exchange Online outage affects Outlook web users (source)
- Microsoft: Exchange Online bug mistakenly quarantines user emails (source)