A new ransomware group is exploiting two recently revealed vulnerabilities to improve its chances of breaching, taking over, and encrypting corporate networks. According to reports from security firm TG Soft and security researcher Kevin Beaumont, the new LockFile ransomware gang is exploiting a vulnerability known as ProxyShell to gain access to Microsoft Exchange email servers. ProxyShell is a set of vulnerabilities disclosed by Orange Tsai at Black Hat.

LockFile Ransomware is a very dangerous file virus that belongs to the ransomware family. This ransomware-type malware is designed to encrypt all file formats, including images, audio, videos, games, pdf, ppt, xlx, css, html, text, documents, databases, and other file formats stored on your computer's hard drive.

Once inside, LockFile operators abuse an attack method known as PetitPotam to take over a company’s Windows domain controller and then deploy their file-encrypting payloads on connected workstations, according to a report published on Friday by security firm Symantec. Details about the PetitPotam attack and the ProxyShell vulnerability were revealed in late July and early August respectively, proving once again that cyber criminal gangs are quick to weaponize exploits once they enter the public domain.

According to the cyber criminals behind this ransomware, the only way to get your locked files back is to pay a certain amount of extortion money for decryption. We recommend that you do not pay any ransom to them. Paying the ransom can cause serious privacy problems, financial losses or even identity theft. Nothing ensures that your data will be returned to you, and paying only benefits these criminals financially.

The best way to prevent the LockFile gang from accessing your systems is to apply patches for the PetitPotam and ProxyShell vulnerabilities. This recommendation is aimed at companies more than anyone else, because we already know that these types of threats seek to compromise wealthy companies.
