LockBit ransomware is spreading from compromised Microsoft Exchange servers


LockBit ransomware affiliates have been caught distributing the malware (opens in new tab) via compromised Microsoft Exchange servers, multiple sources have confirmed.

The issue was first identified by South Korean cybersecurity company AhnLab. This past summer, two servers belonging to one of its customers were infected with LockBit 3.0. As per the report, the attackers first deployed web shell, then escalated privileges to Active Directory admin a week later, stole some 1.3 TB of data, and encrypted systems hosted on the network.

Leave a Reply

Your email address will not be published. Required fields are marked *