LockBit Ransomware Deployed via Windows Exchange Server Hack

Cybercriminals have reportedly exploited a Microsoft zero-day vulnerability to hack Exchange servers.

Malicious actors are exploiting a Microsoft zero-day vulnerability to hack Exchange servers and deploy LockBit 3.0 ransomware, as reported by AhnLab.

Microsoft Exchange Servers Are At Risk of Ransomware Attacks

A new Microsoft zero-day bug is allegedly being exploited to launch LockBit 3.0, a dangerous ransomware program capable of encrypting and exfiltrating all the data on an infected device.

The string of attacks, reported by South Korean cybersecurity firm AhnLab, has not yet been confirmed as a zero-day exploit, though it is thought that this is the most likely cause. Some are not convinced that a zero-day is the culprit.

It may take some time to confirm the cause of this new wave of attacks, be it a security vulnerability or otherwise.

LockBit 3.0 Poses Major Threats to Private Data

LockBit 3.0 (also known as LockBit Black) is the newest iteration in the LockBit ransomware-as-a-service (RaaS) family, succeeding LockBit 1.0 and 2.0. This particular strain of ransomware was first discovered in the spring of 2022 and is already popular among cybercriminals.

On top of encrypting and exfiltrating data, LockBit 3.0 can also delete certain services or features to make the encryption and exfiltration process quicker and easier. Once the victim’s files have been encrypted and stolen, the infected device’s wallpaper will change to show the target that they have been attacked.

Microsoft Exchange Is No Stranger to Hacks

At the time of writing, Microsoft is already working on delivering patches for two additional vulnerabilities, CVE-2022-41040 and CVE-2022-41082.

In the summer of 2022, attackers deployed web shells and managed to steal over 1.3TB of data from Microsoft Exchange accounts. This was done by exploiting the two aforementioned security vulnerabilities.

It is important to note that the summer and autumn hacks are not thought to have been carried out through the same vulnerabilities. This is because the attack techniques do not seem to overlap.

LockBit Ransomware Is an Ongoing Threat

Since its first iteration was released, LockBit ransomware has posed serious threats to targets around the world. With LockBit’s ransomware-as-a-service model offering ransomware to a growing base of paying users, the possibility of new attacks is increasing with time. Who knows what platform will next be targeted by a malicious LockBit operator?
