Black Kingdom Ransomware Is Attacking Vulnerable Microsoft Exchange Servers

Ransomware attacks affecting DC events firm and Sierra Wireless, Top insurance company CNA hit by a ransomware attack, Personal information on all Israeli voters exposed online, much more

If you like Metacurity, please share this issue with your colleagues. Thank you!

In the midst of massive patching and remediation activity by admins everywhere, vulnerable Microsoft Exchange servers are under attack by a new ransomware gang called Black Kingdom. The gang was first spotted last year exploiting vulnerabilities in Pulse Secure VPN products.

The attacks were first spotted by Marcus Hutchins, a security researcher for US security firm Kryptos Logic, who initially noted that the gang failed to do any damage. However, according to security firms Arete IR, Sophos, and Speartip, the attacks changed at the start of the week, and the group is now encrypting files. (Catalin Cimpanu / The Record)

Related: Naked Security, TechTarget, Ars Technica, Search Security