LockFile: Ransomware Uses PetitPotam Exploit On DC Servers

August 24, 2021

Indications are that the attackers gain access to victims' networks via Microsoft Exchange Servers, then use the incompletely patched PetitPotam vulnerability to gain access to the domain controller and spread across the network. It is not clear how the attackers gain initial access to the Microsoft Exchange Servers. Victims are in the manufacturing, financial services, engineering, legal, business services, and travel and tourism sectors. The attackers behind this ransomware use a ransom note similar in design to the one used by the LockBit ransomware gang, and the email address they use references the Conti gang: contact@contipauper[.]com.