Babuk ransomware attack; Microsoft Exchange ProxyShell used

Reportedly, a new threat actor is hacking Microsoft Exchange servers through the ProxyShell vulnerability to breach companies, gain access to their sensitive information, and deploy the Babuk ransomware.

ProxyShell attacks against vulnerable Microsoft Exchange servers have been going on for a few months now. LockFile and Conti were the first ransomware groups to exploit the servers.

According to a report by researchers at Cisco Talos, a Babuk ransomware affiliate known as ‘Tortilla’ joined the club in October, when the actor started using the ‘China Chopper’ web shell on breached Exchange servers.

According to the reports of Bleeping Computer

The name Tortilla comes from the malicious executables seen in the campaigns, which use the name Tortilla.exe.

The Babuk ransomware attack starts with a DLL or .NET executable dropped on the Exchange server using the ProxyShell vulnerability. Babuk ransomware was launched in the initial months of 2021, when it started targeting businesses and then attempting double-extortion attacks.

The attackers' ransom demands start from $10,000. In some cases, the attackers asked for high ransoms in Bitcoin.

Microsoft Exchange servers are facing threats from many different attackers, and it is high time that the company starts taking tough steps to stop these malicious attacks.

Anamika
Anamika focuses on data privacy, data policy, digital policies, and puts users' privacy first. She loves exploring new tech and spends time looking around business politics and its impact on users and small businesses.
