More Ransomware Gangs Targeting Vulnerable Exchange Servers

The Black Kingdom/Pydomer ransomware operators have joined the ranks of threat actors targeting the Exchange Server vulnerabilities that Microsoft disclosed in early March.


The four zero-day bugs had already been exploited in live attacks before Microsoft shipped patches for them on March 2, and the number of adversaries picking them up has kept growing over the past three weeks, despite the availability of additional mitigations for servers that cannot be patched immediately.


The number of unpatched Exchange installations has dropped significantly, going from roughly 80,000 on March 14 to fewer than 30,000 on March 22.


“As of today, we have seen a significant decrease in the number of still-vulnerable servers – more than 92% of known worldwide Exchange IPs are now patched or mitigated. We continue to work with our customers and partners to mitigate the vulnerabilities,” Microsoft noted in a March 25 blog post.


The number of attacks against the still-vulnerable servers, however, has not diminished. In fact, Microsoft reports that additional ransomware families and botnets are now attempting to compromise the remaining unpatched servers.


DoejoCrypt, also known as DearCry, was the first ransomware family to target the Exchange vulnerabilities, more than two weeks ago. The Black Kingdom/Pydomer ransomware has since joined the fray, Microsoft says.


Known for targeting publicly disclosed vulnerabilities, including Pulse Secure VPN flaws, the Pydomer operators were observed mass-scanning for unpatched Exchange servers and attempting to compromise them.


“They started later than some other attackers, with many compromises occurring between Ma ..