Threat Watch

BlackKingdom “Ransomware” Attacks Vulnerable Exchange Servers

Originally reported by Bleeping Computer, security researcher Marcus Hutchins recently uncovered a ransomware campaign leveraging the ProxyLogon vulnerabilities in order to spread and infect a wide variety of targets with the BlackKingdom Ransomware.  While Hutchins only saw the ransomware drop the “readme.txt” ransom note, Michael Gillespie of ID Ransomware states that his system has seen over 30 unique submissions for this family, with many being submitted from mail servers.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

As this ransomware leverages the ProxyLogon vulnerabilities, Binary Defense recommends patching if not already done so. Additionally, Microsoft’s MSERT tool can now be used to find web shells from Exchange Server Attacks. Finally, if patching is not an option, Microsoft has released an automatic ProxyLogon mitigation for Microsoft Defender.
https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-now-targeted-by-blackkingdom-ransomware/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support