Nasty new malware targets Microsoft Exchange servers

A new ransomware operator known as LockFile encrypts Windows domains after breaking into vulnerable Microsoft Exchange servers using the recently disclosed ProxyShell exploit.

ProxyShell is the collective name for an exploit that chains three vulnerabilities in Microsoft’s popular hosted email server, giving attackers unauthenticated remote code execution.

While Microsoft fully patched these vulnerabilities in May 2021, more technical details were shared at the recently concluded Black Hat 2021 by cybersecurity researcher Orange Tsai, who discovered the ProxyShell vulnerabilities.

BleepingComputer reports that the new details shared by Tsai allowed both security researchers and threat actors to reproduce the exploit. 

Ransomware on Exchange 

Following the talk, security researcher Kevin Beaumont noticed that threat actors began probing his Microsoft Exchange honeypot for the ProxyShell vulnerabilities once again.

Another security researcher, Rich Warren, whose Exchange honeypot was also probed using the new attack vector, told BleepingComputer that while the initial payload deployed by the attackers on vulnerable servers was benign, it would soon be swapped out for something a lot more malicious once the attackers had managed to break into enough servers.

His fears have now come true.

Beaumont now reports that a new ransomware operation known as LockFile uses ProxyShell to compromise the Exchange servers and then exploits the Windows PetitPotam vulnerabilities to take over Windows domains in order to encrypt devices.

BleepingComputer says very little is known as of now about the LockFile ransomware, which was first seen in July. In any case, security experts urge users to immediately patch their Exchange servers by installing the latest cumulative updates.

Via BleepingComputer

Date

23 Aug 2021
