Microsoft Exchange server hacked by LockFile ransomware
The hacker group behind a new ransomware called LockFile has encrypted Windows domains after hacking into Microsoft Exchange servers with the ProxyShell vulnerability.
ProxyShell is the name of an attack that includes a series of three Microsoft Exchange vulnerabilities. If the exploit is successful, the hacker can execute code remotely without authentication.
These three vulnerabilities were discovered by a security researcher. He linked them together to take control of a Microsoft Exchange server in April at the Pwn2Own 2021 hacking contest.
The list of 3 specific vulnerabilities is as follows:
- CVE-2021-34473 (patched in April with update KB5001779)
- CVE-2021-34523 (patched in April with update KB5001779)
- CVE-2021-31207 (patched in May with update KB5003435)
Since Microsoft has released patches for all three vulnerabilities, many technical details have been revealed. Therefore, both security researchers and hackers can easily develop exploit methods.
Among these, appeared a new ransomware called LockFile. The people behind this ransomware are actively scanning for unpatched Microsoft Exchange servers.
By taking advantage of ProxyShell, an attacker will get into Microsoft Exchange servers. They then continued to exploit the PetitPotam vulnerability to take control of the domain driver and then the Windows domain.
From here, they spread ransomware to the entire network of the attacked company or organization.
LockFile is a newly emerged ransomware. According to experts' research, LockFile is quite troublesome when it takes up a lot of system resources and causes the computer to temporarily freeze if infected.
To avoid being attacked by hackers, security experts recommend that users and enterprise IT administrators immediately update to the latest Windows 10 patches.
You should read it
- This new ransomware is threatening unpatched Microsoft Exchange servers
- 7 kinds of ransomware you didn't expect
- Introducing Exchange Server 2019, how to install Exchange Server 2019
- How to decode ransomware InsaneCrypt (Everbe 1.0)
- List of the 3 most dangerous and scary Ransomware viruses
- PureLocker - a very 'weird' ransomware strain that can encrypt servers
- Microsoft continues to 'delay' the plan to launch a new version of Exchange Server for another 4 years
- Ransomware can encrypt cloud data
- LockBit Ransomware takes advantage of Microsoft Defender itself to infect
- What is Epsilon Red Ransomware?
- Microsoft begins offering Exchange Server updates in .exe packages
- General guidelines for decoding ransomware
Maybe you are interested
What is Microsoft Azure Certification?
Cybercriminals are using Microsoft Teams calls to commit fraud
Microsoft officially supports sharing files from iPhone to Windows using Phone Link application
Microsoft 365 Android PDF Viewer shows ads, even with subscription
10 Useful Table Formatting Tips in Microsoft Word
Here's everything Microsoft knows about your PC!