Hackers are finding new ways to exploit vulnerable servers, especially unpatched Microsoft Exchange servers. Security experts are warning of a new strain of ransomware targeting Exchange email servers that have yet to be patched with an update. A surge of ransomware called 'Black Kingdom' was detected by Sophos on March 18th. Black Kingdom is, so far, a complicated piece of ransomware with the potential to cause a great amount of damage.
Security firms warn that this surge of ransomware is claiming thousands of victims and that several hacking groups are now targeting these unpatched vulnerabilities, activity that started as early as January of this year. One victim of this ransomware paid $9,400 worth of bitcoin to the perpetrator, and an automotive supplier was also reported to have been victimized by Black Kingdom.
"The executable is py2exe, and if run successfully looks like this. Seems to be total skidware and it's unclear how many systems it successfully ran on, if any." pic.twitter.com/CcvRsBjbbf — MalwareTech (@MalwareTechBlog) March 21, 2021
MalwareTech tweeted this on Sunday. The Black Kingdom hackers are running a script on a vulnerable Exchange server that leaves files unencrypted; the hackers simply drop a note in the directory demanding a ransom of $10,000 worth of bitcoin. It is believed this tactic was meant just to scare the victim into paying up the cryptocurrency, under the threat that the unencrypted files will otherwise be stolen.
Researcher Marcus Hutchins said, "Black Kingdom switching from actual ransomware to scareware which claims your files were uploaded would suggest the ransomware wasn't working well. The bitcoin address appears to be static, and so far, they've received only 1 payment in 3 days."
Thousands of unpatched servers remain vulnerable, but it is still unclear how this Black Kingdom ransomware is impacting patched Exchange servers.