LockFile Ransomware Affecting Exchange Servers
8/27/2021
LockFile ransomware targets organizations by exploiting the Microsoft Exchange ProxyShell vulnerabilities and the Windows PetitPotam NTLM relay vulnerability.
OVERVIEW
▪ LockFile ransomware attackers are exploiting vulnerabilities in Microsoft Exchange servers to perform attacks on internal networks.
▪ Initially, the attackers access the on-premises Microsoft Exchange server by exploiting the ProxyShell vulnerabilities. They then use the PetitPotam vulnerability to take over a Domain Controller and spread across the network.