LockFile Ransomware Affecting Exchange Servers

LockFile ransomware targets organizations using the Microsoft Exchange ProxyShell vulnerabilities and the Windows PetitPotam NTLM relay vulnerability.


▪ LockFile ransomware attackers are exploiting vulnerabilities in Microsoft Exchange servers to perform attacks on internal networks.

▪ Initially, the attackers access the on-premises Microsoft Exchange server by exploiting the ProxyShell vulnerabilities. After that, they use the PetitPotam vulnerability to take over a Domain Controller and spread across the network.

