Microsoft: Ransomware gangs are using unpatched Exchange servers to gain access, so get updating

At least one ransomware group has been spotted using Exchange Server vulnerabilities to deploy BlackCat ransomware on target networks, according to Microsoft. 

Microsoft has warned that one cyber-criminal gang has used an unpatched Exchange Server to gain entry to a target organization to deploy the notorious BlackCat/ALPHV ransomware.

The company provides a case study of one cyber-criminal gang using Exchange Server flaws in BlackCat ransomware attacks as well as an overview of multiple ransomware gangs that previously used other ransomware.

The FBI in April warned that BlackCat ransomware had compromised at least 60 organizations worldwide since March 2022. BlackCat is the first ransomware to be built on the modern Rust programming language. 

The FBI in April warned that BlackCat affiliates use previously compromised user credentials to gain initial access to a victim network, but didn’t identify Exchange flaws as a point of entry. However, researchers at Trend Micro at the time reported BlackCat affiliates had used the Exchange CVE-2021-31207 flaw for initial entry and to install a web shell on the server for remote access.

Microsoft doesn’t specify which Exchange vulnerability was used in the BlackCat compromise it investigated, but it

Read More: https://www.zdnet.com/article/microsoft-ransomware-gangs-are-using-unpatched-exchange-servers-to-gain-access-so-get-updating/#ftag=RSSbaffb68