Express Computer

‘Black Kingdom’ ransomware taking advantage of ProxyLogon vulnerabilities

Following the reporting of the Microsoft Exchange vulnerabilities and the out-of-band release of security patches on March 2, a growing number of new adversaries are exploiting these bugs to launch attacks. Last week Sophos reported on attacks by DearCry ransomware.

Sophos has now published “Black Kingdom Ransomware Begins Appearing on Exchange Servers,” detailing Black Kingdom ransomware that has been targeting Exchange servers that remain unpatched against the ProxyLogon vulnerabilities.

Some of the key findings are summarized in the following commentary from Mark Loman, a ransomware expert at Sophos and director, engineering technology office.

If you are writing a story about Black Kingdom (or “Black KingDom RansmWere” according to the ransom note), ProxyLogon, or other ransomware attacks, please feel free to use Mark’s comments. We can also arrange an interview with Loman and other threat experts, as needed.

“It’s been three weeks since the release of security patches for the ProxyLogon vulnerabilities, and adversaries are racing against time to target still unpatched Exchange servers. As we saw with DearCry ransomware, this can lead to the release of prototype, rushed or poor quality code created by less experienced developers. Today we report on another example of this, perpetrated by the operators behind Black Kingdom ransomware.

“The Black Kingdom ransomware targeting unpatched Exchange servers has all the hallmarks of being created by a motivated script-kiddie. The encryption tools and techniques are imperfect but the ransom of $10,000 in bitcoin is low enough to be successful. Every threat should be taken seriously, even seemingly low-quality ones.

“Defenders should take urgent steps to install Microsoft’s patches to prevent exploitation of their Exchange Server. In addition, the Exchange server should be scanned for web shells that allow attackers to run commands on the server. If this is not possible, the server should be disconnected from the internet or closely monitored by a threat response team.” – Mark Loman, director, engineering technology office, Sophos
