As Bleepingcomputer reports: Microsoft experts explain in their blog how BlackCat ransomware partners are currently attacking many Microsoft Exchange servers using exploits targeting unpatched vulnerabilities.
"While common entry vectors for these threat actors include remote desktop applications and compromised credentials, we've also seen a threat actor exploit vulnerabilities in Exchange servers to gain access to the target network," said the Microsoft 365 Defender Threat Intelligence team .
Although Microsoft did not identify the ransomware subsidiary that deployed BlackCat ransomware in this case study, the company says several cybercrime groups are now partners with this ransomware as a service (RaaS) operation and are actively using it for attacks .
Cyber criminals are increasingly using BlackCat ransomware
One of them, a financially motivated cybercrime group tracked as FIN12, is known for previously using Ryuk, Conti, and Hive ransomware in attacks primarily targeting healthcare organizations. "We observed that this group added BlackCat to their list of distributed payloads as of March 2022," Microsoft added. "Their switch to BlackCat from their most recently used payload (Hive) is believed to be due to public discourse over the latter's decryption methods."
To protect against BlackCat ransomware attacks, Microsoft advises organizations to verify their identities, monitor external access to their networks, and update any vulnerable Exchange servers in their environment as soon as possible.
More at Microsoft.com
About Microsoft Germany Microsoft Deutschland GmbH was founded in 1983 as the German subsidiary of Microsoft Corporation (Redmond, USA). Microsoft is committed to empowering every person and company in the world to achieve more. This challenge can only be mastered together, which is why diversity and inclusion have been firmly anchored in the corporate culture from the very beginning. As the world's leading manufacturer of productive software solutions and modern services in the age of intelligent cloud and intelligent edge, as well as a developer of innovative hardware, Microsoft sees itself as a partner to its customers to help them benefit from the digital transformation. Security and data protection have top priority when developing solutions. As the world's largest contributor, Microsoft is driving open source technology through its leading developer platform GitHub. With LinkedIn, the largest career network, Microsoft promotes professional networking worldwide.