Microsoft Exchange Server LockFile Ransomware Targets Windows Domains


Microsoft Exchange servers are once again the target of attacks. During this year, the exploits of Microsoft Exchange Server led to massive breaches. Now another threat is on the way affecting servers in Asia and USA Known as LockFile, this is a ransomware attack discovered by Symantec.

LockFile has been active since at least July 20. Threat actors leading successful attacks can take control of Windows domains and encrypt devices. Once they have control of a device, they have the potential to spread ransomware over a network.

Symantec points out that LockFile uses the PetitPotam exploit, using the vulnerability after breaching Microsoft Exchange servers. The company says it’s not clear how the initial Microsoft Exchange Server breach is carried out.


While Microsoft patched the platform during the year, there is no current patch for the PetitPotam vulnerability. Along with Symantec’s discovery, the Cybersecurity & Infrastructure Security Agency also issued a notice:

“Malicious cyber actors actively exploit the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s security update from May 2021, which fixes the three vulnerabilities of ProxyShell, to protect against these attacks.

A 2021 to forget for Microsoft Exchange Server

Microsoft Exchange Server has been successfully attacked via an exploit first used by the HAFNIUM group. More and more hackers have since exploited the exploit for their own attacks. Microsoft has sent fixes for all versions of the service, including those that are not supported. However, these fixes require users to install the update.

Microsoft says updating Exchange Server is the best way to avoid the exploit. Additionally, the company launched a tool to help customers find out if they’ve been raped. In April, Microsoft released a new update to the security fixes for Exchange Server.

However, as we recently reported, some attacks persist and target organizations that have not patched their systems.

Tip of the day: Windows 10’s Clipboard History feature provides functionality across devices, space and time, allowing you to copy to one computer and paste the text a few days later on another PC . All of this is possible through Windows 10’s Clipboard Manager, which lets you view, delete, pin, and clear clipboard history at will.

In our tutorial, we show you how to turn on the feature, clear clipboard history, and turn clipboard sync on / off to meet your preferences. You can also create a clear shortcut to the clipboard to quickly delete the stored content.


Source link

About Brian Steele

Brian Steele

Check Also

How to turn off Windows 10 Gamebar pop-ups and notifications

If you’ve played Xbox games on Windows 10, whether through Game Pass or otherwise, there’s …

Leave a Reply

Your email address will not be published. Required fields are marked *