Microsoft is asking all customers with Exchange servers to ensure they have the latest update after a ransomware exploit was discovered in an earlier version of the software, writes zdnet.com.
Microsoft warns that a group of hackers is exploiting a vulnerability in Exchange servers that allows attackers to gain access to systems and deploy the BlackCat/ALPHV ransomware. The vulnerability was fixed by a security update released in March of this year.
Web Shell Attack
Security experts at Trend Micro were the first to report the Exchange vulnerability that allowed malicious actors to access Exchange systems. Microsoft does not say which vulnerabilities have been exploited, but writes in a blog post that the vulnerability allows attackers to add and install a “web shell” to access servers remotely.
BlackCat is a so-called ransomware as a service, where the ransomware is delivered to customers as a service. Different actors therefore use it in different ways: behavior differs between attackers, with different steps taken before the ransom is demanded, and there is no pattern for how attacks on different targets are carried out.