Microsoft Exchange servers are being targeted by the operators of BlackCat ransomware, and reports indicate that the attackers are exploiting unpatched vulnerabilities on those systems to deploy the file-encrypting malware.
In more than two observed incidents, the attackers stole credentials and exfiltrated data to remote servers, to be used for double extortion.
The attackers first compromise a single victim server and then deploy BlackCat ransomware payloads across the network via PsExec.
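As an added defender-side example (not from the article, and not Microsoft's own detection logic), the following Python flags the service-install events that PsExec leaves behind on each host it is run against: PsExec installs a temporary service, named PSEXESVC by default, and Windows records every new service as Event ID 7045 in the System log. The script assumes log records exported as one JSON object per line with the field names shown; the sample records are constructed, and the ADMIN$-path check is an extra heuristic beyond the default service name.

```python
"""Flag PsExec-style remote service installs in Windows System log records.

Added example, not from the article. Assumes records exported as one JSON
object per line with the fields used below (sample data is constructed).
"""
import json
import re
from typing import Iterator, List, Tuple

# PsExec installs a temporary service (PSEXESVC by default) on the target;
# Windows logs every new service installation as Event ID 7045.
SERVICE_INSTALL_EVENT_ID = 7045
PSEXEC_PATTERN = re.compile(r"psexe(svc|c)", re.IGNORECASE)
# Heuristic (assumption): a service binary served from an ADMIN$ share is
# also characteristic of remote-execution tooling, even if renamed.
ADMIN_SHARE_PATTERN = re.compile(r"\\ADMIN\$\\", re.IGNORECASE)

# Constructed sample records, not real telemetry. Hostnames are placeholders.
SAMPLE_LOG = r"""
{"EventID": 7045, "Computer": "exch01.corp.example", "ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe", "AccountName": "LocalSystem"}
{"EventID": 7045, "Computer": "fs02.corp.example", "ServiceName": "WinDefend", "ImagePath": "C:\\Program Files\\Windows Defender\\MsMpEng.exe", "AccountName": "LocalSystem"}
{"EventID": 4624, "Computer": "fs02.corp.example", "LogonType": 3, "TargetUserName": "svc-backup"}
{"EventID": 7045, "Computer": "fs02.corp.example", "ServiceName": "svcupdate", "ImagePath": "\\\\exch01\\ADMIN$\\psexec-service.exe", "AccountName": "LocalSystem"}
"""


def parse_records(text: str) -> Iterator[dict]:
    """Yield one dict per non-empty JSON line."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def is_psexec_service_install(rec: dict) -> bool:
    """True for a 7045 event whose service name or binary path looks like PsExec."""
    if rec.get("EventID") != SERVICE_INSTALL_EVENT_ID:
        return False
    name = rec.get("ServiceName", "")
    path = rec.get("ImagePath", "")
    return bool(
        PSEXEC_PATTERN.search(name)
        or PSEXEC_PATTERN.search(path)
        or ADMIN_SHARE_PATTERN.search(path)
    )


def find_psexec_installs(text: str) -> List[Tuple[str, str, str]]:
    """Return (host, service name, image path) for every suspicious install."""
    hits = []
    for rec in parse_records(text):
        if is_psexec_service_install(rec):
            hits.append((rec["Computer"], rec["ServiceName"], rec["ImagePath"]))
    return hits


def hosts_with_psexec(text: str) -> List[str]:
    """Distinct hosts that received a PsExec-style service, sorted by name.

    Several hosts appearing within minutes of each other is the lateral-movement
    pattern described in the article and is worth an immediate triage.
    """
    return sorted({host for host, _, _ in find_psexec_installs(text)})


if __name__ == "__main__":
    for host, svc, path in find_psexec_installs(SAMPLE_LOG):
        print(f"[ALERT] {host}: service {svc!r} installed from {path}")
    print("Hosts touched:", ", ".join(hosts_with_psexec(SAMPLE_LOG)))
```

Run against the constructed sample, the script flags the default PSEXESVC install on the Exchange host and the renamed service on the file server whose binary is served from an ADMIN$ share, while ignoring the legitimate Defender service and the unrelated logon event. In production, feed it the 7045 events from every host so that the spread of installs across the network, not just a single hit, becomes visible.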
Microsoft has taken note of the situation, suspects that the intrusions are being carried out by a gang affiliated with a ransomware-as-a-service operation, and is asking all Exchange Server operators to follow the advisory it issued on March 14th to mitigate ProxyLogon attacks.
It also suspects that a hacking group dubbed FIN12, previously involved in cyber attacks on healthcare organizations using Ryuk, Conti and Hive, may be involved in these incidents.
The company is urging organizations to use a comprehensive solution such as its own Microsoft 365 Defender to address the risks associated with these attacks, and has already issued a detailed advisory on curtailing the issues they cause.
NOTE- BlackCat ransomware has versions that run on both Windows and Linux, and in VMware ESXi environments. Since 2021, the file-encrypting malware, also known as ALPHV ransomware, has been seen demanding $5 million from its victims.