Nasty new malware targets Microsoft Exchange servers

News
By published

Ransomware operators are once again going after Microsoft Exchange servers

cybercriminal
(Image credit: Pixabay)

A new ransomware operator known as LockFile encrypts Windows domains after breaking into vulnerable Microsoft Exchange servers using the recently disclosed ProxyShell exploit.

ProxyShell is the collective name of the exploit that consists of three chained vulnerabilities in Microsoft’s popular hosted email server vulnerabilities that give attackers unauthenticated, remote code execution powers.

While Microsoft fully patched these vulnerabilities in May 2021, more technical details were shared at the recently concluded Black Hat 2021 by cybersecurity researcher Orange Tsai, who discovered the ProxyShell vulnerabilities.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

BleepingComputer reports that the new details shared by Tsai allowed both security researchers and threat actors to reproduce the exploit

Ransomware on Exchange 

Following the talk, security researcher Kevin Beaumont noticed that threat actors began probing his Microsoft Exchange honeypot for the ProxyShell vulnerabilities once again.

Another security researcher Rich Warren, whose Exchange honeypot was also probed using the new attack vector, told BleepingComputer that while the initial payload deployed by the attackers on vulnerable servers was benign, it would soon be swapped out with something a lot more malicious, once the attackers have managed to break into enough servers.

His fears have now come true.

Beaumont now reports that a new ransomware operation known as LockFile uses ProxyShell to compromise the Exchange servers and then exploits the Windows PetitPotam vulnerabilities to take over Windows domains in order to encrypt devices.

First seen in July, BleepingComputer says there is very little known about the LockFile ransomware as of now. In any case, security experts urge users to immediately patch their Exchange servers by installing the latest cumulative updates.

Via BleepingComputer

TOPICS
Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Flag of the People&#039;s Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
Ransomware
Fortinet firewall bugs are being targeted by LockBit ransomware hackers
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
Shutterstock.com / kanlaya wanon
Microsoft Teams abused in Russian email bombing ransomware campaign
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
A person holding out their hand with a digital AI symbol.
This ransomware gang is using SSH tunnels to target VMware appliances
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
Open AI
OpenAI live stream - could we see a major ChatGPT upgrade?
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
More about security
cybersecurity

Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak

A major Keenetic router data leak could put a million households at risk
Venezuela&#039;s forward #09 Jhonder Cadiz celebrates after scoring during the 2026 FIFA World Cup South American qualifiers football match between Ecuador and Venezuela, at the Rodrigo Paz Delgado stadium in Quito, on March 21, 2025 ahead of Venezuela vs Peru

Venezuela vs Peru live stream: how to watch FIFA World Cup 2026 qualifier anywhere online
See more latest
Most Popular
Open AI
OpenAI live stream - could we see a major ChatGPT upgrade?
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Sony WF-C710N in blue glass on beige background
Sony WF-C710 earbuds land, and I think they'll be the 2025 budget buds to beat
The RIG M2 Streamstar attached to a boom arm.
The RIG M2 Streamstar has the world's first Bluetooth audio gateway in a wired gaming microphone
Four operators survey Verdansk. One holds a sniper rifle, one binoculars, another holds is landing with their parachute, while the last wears a skull mask
New Call of Duty: Warzone trailer shows a beautiful rebuilt Verdansk, but some fans want more: 'it won't be the same unfortunately'