Black Kingdom Ransomware Penetrates Microsoft Exchange Server!

Microsoft released a one-click mitigation tool to counter the cyber attacks that targeted on-premises Exchange servers. The patch is capable of curing 92% of the vulnerabilities present in internet servers that were caused by the ProxyLogon vulnerabilities.

These attacks are increasing rapidly compared to previous ones: the ratio of these attacks has increased up to 43%, and these malware campaigns have hit thousands of organizations across the world. They also involve 10 advanced persistent threat groups that exploited the bugs more quickly.

How Does Black Kingdom Work?

According to the experts, there are about 29,999 Microsoft Exchange Server instances that may get exploited. The Exchange servers have been assaulted by a Chinese-linked state hacking group that executed multiple attacks, and the proof-of-concept exploit has been used to infect multiple organizations. This opens the door to escalating attacks in which web shells or ransomware are planted on unpatched Exchange servers to deliver cryptominers and other malware.

The experts also added that the public availability of proof-of-concept automated attack scripts lets unskilled hackers gain remote control of a vulnerable Microsoft Exchange Server. While Microsoft is releasing patches, two different strains of ransomware, named Black Kingdom and DearCry, have been discovered leveraging the vulnerabilities.

Multiple security organizations that analyzed Black Kingdom describe the ransomware as rudimentary and amateurish in its composition. The ProxyLogon flaw is used to deploy a web shell, which runs a PowerShell command that downloads the ransomware payload. The payload encrypts the files, and the attackers demand a ransom in bitcoin in exchange for the private key.

The Black Kingdom ransomware targeting unpatched Exchange servers has all the marks of having been created by a motivated script kiddie. The encryption tools and techniques are imperfect, but the ransom is $10,000 in bitcoin.

The experts advised organizations to take every attacker seriously, especially the low-quality ones. The volume of attacks that occurred before ProxyLogon was publicly disclosed has prompted the experts to investigate whether the exploit was shared or sold on the dark web, since a Microsoft partner company with which information about these vulnerabilities was shared through the Microsoft Active Protections Program (MAPP) may have accidentally or purposefully leaked it to other groups, which may lead to unwanted attacks.