
The Cyber Security News


BlackCat Ransomware Gang Targeting Unpatched Microsoft Exchange Servers

June 16, 2022


Microsoft is warning that the BlackCat ransomware crew is leveraging exploits for unpatched Exchange server vulnerabilities to gain access to targeted networks.

Upon gaining an entry point, the attackers quickly moved to gather information about the compromised devices, followed by credential theft and lateral movement activities, before harvesting intellectual property and dropping the ransomware payload.


The entire sequence of events played out over the course of two full months, the Microsoft 365 Defender Threat Intelligence Team said in a report published this week.

“In another incident we observed, we found that a ransomware affiliate gained initial access to the environment via an internet-facing Remote Desktop server using compromised credentials to sign in,” the researchers said, pointing out how “no two BlackCat ‘lives’ or deployments might look the same.”


BlackCat, also known by the names ALPHV and Noberus, is a relatively new entrant to the hyperactive ransomware space. It is also known to be one of the first cross-platform ransomware families written in Rust, exemplifying a trend in which threat actors are switching to uncommon programming languages in an attempt to evade detection.

The ransomware-as-a-service (RaaS) scheme, irrespective of the varying initial access vectors employed, culminates in the exfiltration and encryption of target data, which is then held for ransom as part of what is known as double extortion.


The RaaS model has proven to be a lucrative, gig-economy-style cybercriminal ecosystem consisting of three distinct key players: access brokers (IABs), who compromise networks and maintain persistence; operators, who develop and maintain the ransomware operations; and affiliates, who purchase the access from IABs to deploy the actual payload.

According to an alert released by the U.S. Federal Bureau of Investigation (FBI), BlackCat ransomware attacks have victimized at least 60 entities around the globe as of March 2022, since it was first spotted in November 2021.


Furthermore, Microsoft said that “two of the most prolific” affiliate threat groups, which have been associated with several ransomware families such as Hive, Conti, REvil, and LockBit 2.0, are now distributing BlackCat.


This includes DEV-0237 (aka FIN12), a financially motivated threat actor that was last seen targeting the healthcare sector in October 2021, and DEV-0504, which has been active since 2020 and has a pattern of shifting payloads when a RaaS program shuts down.

“DEV-0504 was responsible for deploying BlackCat ransomware in providers in the electrical power sector in January 2022,” Microsoft noted last month. “Around the same time, DEV-0504 also deployed BlackCat in attacks against organizations in the fashion, tobacco, IT, and manufacturing industries, among others.”



Some parts of this article are sourced from:
thehackernews.com
