Ransomware attack on Exchange Server due to ProxyShell Vulnerabilities

Aftab Alam | Published On - 27 Aug 2021


LockFile ransomware attack on Exchange Server

On April 21, 2021, Orange Tsai, a Principal Security Researcher, found three vulnerabilities in Microsoft Exchange Server at the Pwn2Own 2021 hacking contest.

These vulnerabilities allowed unauthorized remote code execution on the Exchange Server. Microsoft fixed these loopholes in May, but somehow a team of hackers has bypassed them. They have attacked multiple systems with new ransomware called ProxyShell, and they are showing various messages to the Exchange users.

The ransomware gang is known as LockFile. It shows victims a message saying that their files are encrypted and that they need to pay a certain amount into the gang's wallet or contact the gang by email.

The attackers do not give victims much time to reconsider, and they deliver various messages pressing them to pay as soon as possible. LockFile uses the same Microsoft Exchange ProxyShell and Windows PetitPotam vulnerabilities to encrypt the devices. Currently, there is not much information in the public domain about this group, and experts are trying hard to overcome these ransomware threats soon. Let us hope that there will be good news soon.