Black Kingdom, a Threat that Puts Microsoft Exchange at Risk

Many types of threats can put our devices, servers and any other network-connected system at risk. In this article we report on Black Kingdom, a new ransomware that is causing trouble for Microsoft Exchange servers. Exchange is software that is part of Microsoft Server and has already been attacked on other occasions by different threats.

Black Kingdom, the latest threat to Microsoft Exchange

Microsoft Exchange has been affected by several problems recently. The ProxyLogon vulnerability is an important issue that has been corrected through patches, but many users have still not updated their systems.

The Black Kingdom ransomware takes advantage of precisely the ProxyLogon vulnerability, and in this way manages to encrypt victims' servers. Security researcher Marcus Hutchins is behind this discovery and raised the alert about the problem affecting Microsoft Exchange.

The finding is based on his honeypot logs. According to the security researcher, the ransomware uses the vulnerability to run a PowerShell script that downloads the ransomware executable and then sends it to other computers on the network.

Keep in mind that honeypots are devices with known vulnerabilities, exposed on the Internet so that they attract attackers and allow their activities to be monitored. However, Hutchins' honeypots did not appear to have been encrypted, and it appears that this was a failed campaign.

However, according to submissions to the ransomware identification site ID Ransomware, the Black Kingdom campaign has encrypted the devices of other victims, with the first seen on March 18.

The victims of this threat are spread across many countries around the world, mainly the United States, Canada, Russia and a wide variety of nations in Europe.

On an affected device, the ransomware encrypts the files using random extensions and then creates a ransom note called decrypt_file.TxT. Security researcher Marcus Hutchins says he saw a different ransom note, called ReadMe.txt, that uses slightly different text.

As we know, ransomware aims to encrypt systems and devices and demand a financial ransom in return. In this case, the attackers are requesting a ransom in bitcoins valued at $10,000.

How to avoid falling victim to this problem

It is very important that we are protected and avoid becoming victims of this type of problem. In the case of vulnerabilities related to ProxyLogon, which give rise to threats such as Black Kingdom, it is essential to keep equipment and systems up to date. Having the latest patches will help reduce risk on the network, and also improves performance.

In addition to keeping equipment updated, it is also a good idea to have security programs. A good antivirus can prevent the entry of malware that compromises systems. This is something we must apply regardless of the type of operating system we are using.

Finally, and perhaps most important of all, we must always use common sense. Avoiding mistakes when downloading files or using devices can help reduce risk. This point is very important.