Microsoft: Exchange servers hacked to deploy BlackCat ransomware (June 2022)

Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities.
Two weeks after gaining initial access through an unpatched Exchange server, the threat actor deployed BlackCat ransomware payloads across the network via PsExec.
While Microsoft did not name the ransomware affiliate who deployed BlackCat ransomware in this case study, the company says several cybercrime groups are now affiliates of this Ransomware-as-a-Service (RaaS) operation and are actively using it in attacks.
BlackCat ransomware is also being deployed by an affiliate group tracked as DEV-0504 that typically exfiltrates stolen data using Stealbit, a malicious tool the LockBit gang provides its affiliates as part of its RaaS program.
To defend against BlackCat ransomware attacks, Microsoft advises organizations to review their identity posture, monitor external access to their networks, and update all vulnerable Exchange servers in their environment as soon as possible.
In April, the FBI warned in a flash alert that the BlackCat ransomware had been used to encrypt the networks of at least 60 organizations worldwide between November 2021 and March 2022.