
Babuk ransomware attack; Microsoft Exchange ProxyShell used


Last Updated on 22/11/2021 by Anamika

Reportedly, a new threat actor is exploiting the ProxyShell vulnerability in Microsoft Exchange servers to breach companies, gain access to their sensitive information, and deploy the Babuk ransomware.

ProxyShell attacks against vulnerable Microsoft Exchange servers have been going on for a few months now. LockFile and Conti were the first ransomware groups to exploit the servers.

According to a report by researchers at Cisco Talos, a Babuk ransomware affiliate known as ‘Tortilla’ joined the club in October, when the actor started using the ‘China Chopper’ web shell on breached Exchange servers.

According to Bleeping Computer's reporting, Tortilla’s name came from malicious executables seen in its campaigns that used the name Tortilla.exe.

The Babuk ransomware attack starts with a DLL or .NET executable dropped on the Exchange server using the ProxyShell vulnerability. Babuk ransomware was launched in the initial months of 2021, when it started targeting businesses and attempting double-extortion attacks.

The attackers asked for ransoms starting from $10,000. In some cases, they demanded a high ransom payable in Bitcoin.

Microsoft Exchange servers are under threat from many different attackers, and it is high time the company started taking tough steps to stop these malicious attacks.

Anamika focuses on data privacy, data policy, digital policies, and puts users' privacy first. She loves exploring new tech and spends time looking around business politics and its impact on users and small businesses.