This new ransomware is threatening unpatched Microsoft Exchange servers
In a detailed post, Sophos analysts revealed that the ransomware is written in the Go programming language, naming itself Epsilon Red.
Based on the crypto address provided by the attackers, Sophos believes at least one of Epsilon Red's victims paid a ransom of 4.29 BTC (Bitcoin) on May 15, or about $210,000.
"It appears that an enterprise Microsoft Exchange server is the first place attackers break into the corporate network. It's not clear if this was triggered by the ProxyLogon exploit or another vulnerability, but it seems the root cause is an unpatched server," said Andrew Brandt, principal researcher at Sophos.
According to Sophos, during the attack, to prepare the attacked machines for the eventual ransomware, the threat actors launch a series of PowerShell scripts. For example, attackers delete Volume Shadow copies to ensure encrypted machines cannot be recovered before distributing and launching the ransomware.
The ransomware itself is quite small and only really encrypts files, as all other aspects of the attack are performed by PowerShell scripts.
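To show the defensive side of the shadow-copy deletion step described above, here is an added Python example (not code from the Sophos write-up) that scans constructed sample log lines for common shadow-copy-removal commands and flags hosts where several techniques appear in sequence. The log line format, host names and rule names are assumptions.

```python
import re
from typing import Dict, Iterable, List

# Patterns for commands that remove Volume Shadow Copies, the recovery-blocking
# step the attackers' PowerShell scripts perform before the encryptor is run.
SHADOW_DELETE_PATTERNS = [
    ("vssadmin delete shadows", re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.I)),
    ("wmic shadowcopy delete", re.compile(r"wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("Win32_ShadowCopy removal via WMI cmdlets",
     re.compile(r"win32_shadowcopy.*(remove-wmiobject|remove-ciminstance|\.delete\(\))", re.I)),
    ("vssadmin resize shadowstorage", re.compile(r"vssadmin(?:\.exe)?\s+resize\s+shadowstorage", re.I)),
]

# Constructed sample log lines; assumed format: "<timestamp> <host> <source> <message>".
SAMPLE_LOGS = [
    "2021-05-15T03:12:07Z exch01 PowerShell/4104 ScriptBlock: Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }",
    "2021-05-15T03:12:09Z exch01 Sysmon/1 CommandLine: vssadmin.exe Delete Shadows /All /Quiet",
    "2021-05-15T03:12:10Z exch01 Sysmon/1 CommandLine: cmd.exe /c wmic shadowcopy delete",
    "2021-05-15T03:15:00Z exch01 Sysmon/1 CommandLine: vssadmin list shadows",
    "2021-05-15T03:20:41Z ws07 Sysmon/1 CommandLine: C:\\Windows\\System32\\notepad.exe",
]


def scan_shadow_copy_deletion(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one finding per log line that matches a shadow-copy-deletion pattern."""
    findings = []
    for line in lines:
        fields = line.split()
        host = fields[1] if len(fields) > 1 else "?"
        for name, rx in SHADOW_DELETE_PATTERNS:
            if rx.search(line):
                findings.append({"host": host, "rule": name, "line": line})
                break  # one finding per line is enough
    return findings


def hosts_with_multiple_techniques(findings: List[Dict[str, str]], threshold: int = 2) -> List[str]:
    """Hosts where at least `threshold` distinct deletion techniques were seen.
    Scripted ransomware preparation often tries several in a row, so this is a
    stronger signal than a single match."""
    by_host: Dict[str, set] = {}
    for f in findings:
        by_host.setdefault(f["host"], set()).add(f["rule"])
    return sorted(h for h, rules in by_host.items() if len(rules) >= threshold)


if __name__ == "__main__":
    found = scan_shadow_copy_deletion(SAMPLE_LOGS)
    for f in found:
        print(f"[{f['rule']}] {f['line']}")
    print("hosts with multiple techniques:", hosts_with_multiple_techniques(found))
```

Listing shadow copies (`vssadmin list shadows`) is deliberately not matched, since it is a common administrative action; only removal and storage-resizing commands are flagged.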
The ransomware's executable file contains some code, the researchers note, from an open source project called godirwalk, which walks the drive's directory tree and compiles a list of the files to encrypt.
Perhaps the strangest thing about the entire campaign is that Epsilon Red's ransom note "closely resembles" the note used by the attackers behind the REvil ransomware, although the grammar has been adjusted to read more like native English.