LockFile Ransomware: New Threat Targeting Microsoft Exchange Servers

Ransomware attacks remain the cyber world's number one concern. With recent sky-high ransom payouts and hackers' extremely sophisticated methods, we are at the stage where even the most experienced cyber security companies like MBS Tech can sometimes lose hope of defeating cyber enemies. Nowadays, the fight against ransomware goes on 24/7, in operating or standby mode. The most recent dangerous cyber attacks target Microsoft Exchange Servers and use the previously unseen LockFile ransomware.

LockFile Ransomware - Unseen Threat

The LockFile gang uses previously unseen techniques. The ransomware battlefield is already overcrowded with sophisticated, unprecedented methods that hackers use successfully. Unfortunately, LockFile seems to be a new threat that broadens the horizons even further.

LockFile Ransomware Targets Microsoft Exchange Servers

It's far from the first time that malicious actors have targeted Microsoft Exchange servers and exploited their vulnerabilities. This time, hackers took advantage of the latest ProxyShell flaws (ProxyShell is a recent attack on Microsoft Exchange vulnerabilities) - patched but recently reproduced.

What Makes Microsoft Exchange Servers a Worthy Target?

Microsoft Exchange is email server software used by many businesses. Despite its undoubted advantages, Microsoft Exchange Server has also become a great way for hackers to get to their victims - primarily small and medium businesses or local governments with low cyber security performance. These victims can then lead to bigger targets through supply chain attacks or other connections.

Massive Cyberattacks on Microsoft Exchange Servers in 2021

The very beginning of the year featured massive cyberattacks on Microsoft Exchange Servers, when cyber security experts found zero-day exploits in on-premises servers. The compromised servers gave hackers access to users' private information (emails, passwords), other data, and connected devices.

As malicious actors often install backdoors, it's very difficult to get rid of their impact, or to be sure after mitigation that the attack is over and the attackers will never return.

To patch exploits, Microsoft constantly releases updates. However, they can't guarantee 100% safety and full risk mitigation. Frankly speaking, nothing does. But we can do everything to be prepared and minimize hackers' chances.

How LockFile Ransomware Works

LockFile ransomware exploits the latest ProxyShell vulnerabilities, which were incompletely patched in May 2021. ProxyShell is an attack on Microsoft Exchange that exploits its vulnerabilities and results in unauthenticated remote code execution. Once they get where they want, LockFile hackers use the PetitPotam vulnerability to take over the Windows domain, encrypting devices.

LockFile ransomware activity has been identified since July 2021. The first detected victim was a financial organization; other targets include building companies, transport businesses, food processors, industrial companies, legal and travel spheres, etc. The victims are all over the world, but American and Asian users were affected more often.

LockFile hackers created multiple web shells to enable malicious actors to access networks remotely. So far, the real goals of LockFile ransomware haven't been revealed. The cyber security world doesn't have much information about the threat, but further investigation will show more details.

MBS Tech: Experience Matters

We're now witnessing how cyber security is transforming, and the main reason is that businesses have no choice. Given the recent, previously unseen malicious actions and their completely unexpected scope, all businesses must get rid of any mess in their cyber security systems.

Now isn't the right time for experiments. Businesses - small or large - should reach out to experienced cyber security professionals who deal with current cyber security issues every day, who know the best up-to-date practices and measures, and who offer services and solutions of the highest quality and performance. Only in that case will the cyber world become a safe place that continues helping your business thrive.

Stay cyber safe and be aware of up-to-date, innovative solutions in cyber security with highly experienced experts at MBS Techservices!


