LockBit Ransomware deployed via Windows Exchange Server Hack

Cybercriminals allegedly exploited a Microsoft zero-day vulnerability to hack into Exchange servers.


Malicious actors are exploiting a Microsoft zero-day vulnerability to hack Exchange servers and deploy LockBit 3.0 ransomware, as reported by AhnLab.


Microsoft Exchange servers are at risk of ransomware attacks

A new zero-day Microsoft bug is reportedly being exploited to deploy LockBit 3.0, a dangerous ransomware program capable of encrypting and exfiltrating all data on an infected device.

The series of attacks, reported by South Korean cybersecurity firm AhnLab, has yet to be confirmed as the result of a zero-day exploit, although that is thought to be the most likely cause. Some aren’t convinced that a zero-day is the culprit.

It may take some time to confirm the cause of this new wave of attacks, be it a security breach or otherwise.

LockBit 3.0 poses major threats to private data

LockBit 3.0 (also known as LockBit Black) is the latest iteration of the LockBit ransomware-as-a-service (RaaS) family, succeeding LockBit 1.0 and 2.0. This particular strain of ransomware was first discovered in the spring of 2022 and is already popular among cybercriminals.

In addition to encrypting and exfiltrating data, LockBit 3.0 can also remove certain services or features to make the encryption and exfiltration process faster and easier. Once the victim’s files are encrypted and stolen, the infected device’s wallpaper will change to show the target that they have been attacked.

Microsoft Exchange is no stranger to hacks

As of this writing, Microsoft is already working on providing fixes for two additional vulnerabilities, CVE-2022-41040 and CVE-2022-41082.

In the summer of 2022, attackers deployed a web shell and managed to steal over 1.3TB of data from Microsoft Exchange accounts. This was done by exploiting the two aforementioned security vulnerabilities.

It’s important to note that the summer and fall hacks don’t appear to have exploited the same vulnerabilities. This is because the attack techniques don’t seem to overlap.

LockBit Ransomware is a permanent threat

Since the release of its first version, LockBit ransomware has posed serious threats to targets all over the world. With LockBit’s ransomware-as-a-service model delivering ransomware to a growing base of paying users, the possibility of new attacks increases over time. Who knows which platform will be targeted by a malicious LockBit operator next?
