winbuzzer.com
Open in
urlscan Pro
2606:4700:3036::6815:2180
Public Scan
URL:
https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Submission: On August 28 via api from GB
Submission: On August 28 via api from GB
Form analysis 3 forms found in the DOM
GET https://winbuzzer.com/
<form method="get" class="td-search-form" action="https://winbuzzer.com/">
<div class="td-search-close"> <a href="#"><i class="td-icon-close-mobile"></i></a> </div>
<div role="search" class="td-search-input"> <span>Search</span> <input id="td-header-search-mob" type="text" value="" name="s" autocomplete="off"> </div>
</form>POST #
<form action="#" method="post">
<div class="td-login-inputs"><input class="td-login-input" autocomplete="username" type="text" name="login_email" id="login_email" value="" required=""><label for="login_email">your username</label></div>
<div class="td-login-inputs"><input class="td-login-input" autocomplete="current-password" type="password" name="login_pass" id="login_pass" value="" required=""><label for="login_pass">your password</label></div> <input type="button"
name="login_button" id="login_button" class="wpb_button btn td-login-button" value="Login">
</form>GET https://winbuzzer.com/
<form method="get" class="td-search-form-widget" action="https://winbuzzer.com/">
<div role="search"> <input class="td-widget-search-input" type="text" value="" name="s" id="s"><input class="wpb_button wpb_btn-inverse btn" type="submit" id="searchsubmit" value="Search"> </div>
</form>Text Content
* Windows 10
* Windows 11
* Office
* Azure
* Xbox
* Hardware
* Surface
* Surface Pro
* Surface Go
* Surface Laptop
* Surface Book
* Surface Duo
* Surface Neo
* Surface Studio
* Surface Hub
* Surface Pen
* Surface Headphones
* Surface Earbuds
* HoloLens
* About WinBuzzer
* About WinBuzzer
* Contact Us
* Follow Us: PUSH, Feeds, Social
* Write for Us
* Cookie Policy and Privacy Policy
* Terms of Service
Search
Sign in
Welcome! Log into your account
your username
your password
Forgot your password? Get help
Password recovery
Recover your password
your email
A password will be e-mailed to you.
WinBuzzer
* Windows 10
* Windows 11
* Office
* Azure
* Xbox
* Hardware
* Surface
* Surface Pro
* Surface Go
* Surface Laptop
* Surface Book
* Surface Duo
* Surface Neo
* Surface Studio
* Surface Hub
* Surface Pen
* Surface Headphones
* Surface Earbuds
* HoloLens
* About WinBuzzer
* About WinBuzzer
* Contact Us
* Follow Us: PUSH, Feeds, Social
* Write for Us
* Cookie Policy and Privacy Policy
* Terms of Service
Home WinBuzzer News Microsoft Exchange Server LockFile Ransomware Targets
Windows Domains
* WinBuzzer News
MICROSOFT EXCHANGE SERVER LOCKFILE RANSOMWARE TARGETS WINDOWS DOMAINS
A new Microsoft Exchange Server exploit places the LockFile ransomware on a
network, sparking new security concerns.
By
Luke Jones
-
August 24, 2021 5:24 pm CEST
Facebook
Twitter
Pinterest
WhatsApp
Microsoft Exchange servers are once again the target for attacks. Through this
year, Microsoft Exchange Server exploits have led to massive breaches. Now,
another threat is ongoing and affecting servers across Asia and the U.S. Known
as LockFile, this is a ransomware attack that was found by Symantec.
LockFile has been active since at least July 20. Threat actors conducting
successful attacks can take control of Windows domains and encrypt devices. Once
they have control over one device, they can potentially spread the ransomware
across a network.
Symantec points out LockFile uses the PetitPotam exploit, using the
vulnerability after breaching Microsoft Exchange servers. The company says it is
unclear how the initial breach of Microsoft Exchange Server is done.
Advertisement
While Microsoft has been patching the platform during the year, there is no
current fix for the PetitPotam vulnerability. Alongside Symantec’s discovery,
the Cybersecurity & Infrastructure Security Agency has also issued an advisory:
“Malicious cyber actors are actively exploiting the following ProxyShell
vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker
exploiting these vulnerabilities could execute arbitrary code on a vulnerable
machine. CISA strongly urges organizations to identify vulnerable systems on
their networks and immediately apply Microsoft’s Security Update from May
2021—which remediates all three ProxyShell vulnerabilities—to protect against
these attacks.”
A 2021 TO FORGET FOR MICROSOFT EXCHANGE SERVER
Microsoft Exchange Server was successfully attacked through an exploit first
used by the HAFNIUM group. More hackers have since leveraged the exploit for
their own attacks. Microsoft sent out patches for all versions of the service,
including those out of support. Although, these patches need users to install
the update.
Microsoft says updating Exchange Server is the best way to avoid the exploit.
Furthermore, the company has launched a tool to help customers know if they have
been breached. In April, Microsoft released a new update of security patches for
Exchange Server.
However, as we recently reported, some attacks persist and are targeting
organizations that have not patched their systems.
Tip of the day: The Windows 10 Clipboard history feature provides the
functionality across device, space, and time, letting you copy on one computer
and paste the text days later on a different PC. All of it is possible via the
Windows 10 clipboard manager, which lets you view, delete, pin, and clear
clipboard history at will.
In our tutorial we show you how to enable the feature, clear clipboard history,
and enable/disable clipboard sync to meet your preferences. You can also create
a clear clipboard shortcut for quick removal of stored content.
Advertisement
SOURCESymantec
* TAGS
* Cybersecurity
* LockFile Ransomware
* Microsoft Exchange Server
* Microsoft Exchange Server Attacks
* PetitPotam Exploit
Facebook
Twitter
Pinterest
WhatsApp
Previous articleNew Microsoft Whiteboard Coming to Windows 10, iOS, and Surface
Hub
Luke Jones
Luke has been writing about all things tech for more than five years. He is
following Microsoft closely to bring you the latest news about Windows, Office,
Azure, Skype, HoloLens and all the rest of their products.
RELATED ARTICLESMORE FROM AUTHOR
HOLESWARM CRYPTOMINING MALWARE FOUND IN WINDOWS VULNERABILITIES SINCE JUNE
POLY NETWORK CRYPTOCURRENCY THEFT SEES HACKERS TAKE OVER $600 MILLION
MICROSOFT RELEASES PUBLIC DATASET FROM FIRST SIMULAND EXPERIMENT
FOLLOW US
HOW-TO
HOW TO CHANGE DATE AND TIME FORMAT IN WINDOWS 10
August 20, 2021 10:21 am CEST
HOW TO ENABLE OR DISABLE TAMPER PROTECTION IN WINDOWS 10
August 20, 2021 10:06 am CEST
Load more
LATEST NEWS
MICROSOFT EXCHANGE SERVER LOCKFILE RANSOMWARE TARGETS WINDOWS DOMAINS
Luke Jones - August 24, 2021 5:24 pm CEST
NEW MICROSOFT WHITEBOARD COMING TO WINDOWS 10, IOS, AND SURFACE HUB
August 23, 2021 5:54 pm CEST
WINDOWS 11 SECURITY APP BUG FOUND ON BY WINDOWS INSIDERS
August 23, 2021 5:26 pm CEST
FTC ACCUSES FACEBOOK OF “BUY-OR-BURY” SCHEME TO CONTROL SOCIAL MEDIA MARKET
August 20, 2021 4:11 pm CEST
Load more
Advertisement
* About WinBuzzer
* Contact Us
* Write for Us
* Terms of Service
* Cookie Policy and Privacy Policy
* About WinBuzzer
* Contact Us
* Write for Us
* Terms of Service
* Cookie Policy and Privacy Policy
© WinBuzzer 2017