LockFile: Ransomware Uses PetitPotam Exploit On DC Servers

Indications are that the attackers gain access to victims' networks via Microsoft Exchange Servers, then use the incompletely patched PetitPotam vulnerability to take control of the domain controller, and from there spread across the network.
It is not yet clear how the attackers gain initial access to the Microsoft Exchange Servers.

Victims are in the manufacturing, financial services, engineering, legal, business services, and travel and tourism sectors.

The attackers behind this ransomware use a ransom note with a similar design to that used by the LockBit ransomware gang and reference the Conti gang in the email address they use – [email protected][.]com.
