Expert(s): Saryu Nayyar, Jorge Orchilles | Informationsecuritybuzz.com »
This Sunday security researcher Marcus Hutchins discovered Microsoft Exchange servers are now being targeted by BlackKingdom ransomware. Marcus, MalwareTechBlog on Twitter, tweeted his findings that a threat actor was compromising all vulnerable Exchange servers via ProxyLogon vulnerability.
Someone just ran this script on all vulnerable Exchange servers via ProxyLogon vulnerability. It claims to be BlackKingdom “Ransomware”, but it doesn’t appear to encrypt files, just drops a ransom not to every directory. pic.twitter.com/POYlPYGjsz
— MalwareTech (@MalwareTechBlog) March 21, 2021
External Link: BlackKingdom Targets Msoft Exchange- Experts Comment