Microsoft Exchange servers are once again under attack as a security researcher has discovered a new campaign known as “BlackKingdom” that leverages the ProxyLogon vulnerabilities to deploy ransomware.
As reported by BleepingComputer, security researcher Marcus Hutchins from MalwareTechBlog detailed his discovery in a recent series of tweets, saying:
“Someone just ran this script on all vulnerable Exchange servers via ProxyLogon vulnerability. It claims to be BlackKingdom "Ransomware", but it doesn't appear to encrypt files, just drops a ransom note to every directory. According to my honeypot backlog, the same attacker ran the following script a few days prior, but it failed.”
While the attackers tried to push ransomware to Hutchins' honeypots, they did not become encrypted which suggests that he witnessed a failed attack.
