
New 'Epsilon Red' ransomware is targeting unpatched Microsoft Exchange servers - SiliconANGLE News

sutitong.blogspot.com

A new form of ransomware dubbed “Epsilon Red” has been found in the wild targeting unpatched Microsoft Corp. Exchange servers.

First detected by security researchers at Sophos plc and revealed Friday, the ransomware was found targeting a U.S.-based business in the hospitality industry. Delivered as the final executable payload in a hand-controlled attack, the ransomware demanded a payment of 4.29 bitcoin, valued at the time at about $210,000.

According to the security researchers, the name and tooling in the ransomware attack were unique to the attackers. Although the ransom note resembled the standard message left behind by the well-known REvil ransomware gang, there were grammatical changes.

The gateway was an enterprise Microsoft Exchange server. “It isn’t clear whether this was enabled by the ProxyLogon exploit or another vulnerability, but it seems likely that the root cause was an unpatched server,” the researchers explained. “From that machine, the attackers used WMI to install other software onto machines inside the network that they could reach from the Exchange server.”

As coined by those behind the new ransomware, the name Epsilon Red is a pop-culture reference to a character in the X-Men comic books.

Epsilon Red is written in Golang (Go), an open-source programming language described as making it easy to build simple, reliable and efficient software. The ransomware has multiple stages, preceded by PowerShell scripts that prepare the target.

The ransomware starts by killing processes and services belonging to security tools, databases, backup programs, Microsoft Office apps and email clients, then deletes all Volume Shadow Copies. It then steals the Security Account Manager file, which contains password hashes, deletes the Windows Event Logs and disables Windows Defender. Finally, it suspends processes, uninstalls security tools and expands permissions on the system.

Having gotten rid of any impediments, Epsilon Red then uses Windows Management Instrumentation to install software and run PowerShell scripts that then deploy the main ransomware executable.
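The preparation steps described above (shadow copy deletion, event log clearing, theft of the SAM file, Defender tampering, and PowerShell staging launched from the Exchange server) each leave a recognisable trace in process-creation telemetry. The following Python is an added example, not code from the article or from Sophos: the event records and command lines are constructed samples, and the field names are assumed.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 / Security 4688 style);
# field names are assumed, values are made up for illustration.
SAMPLE_EVENTS = [
    {"host": "exch01", "parent": "w3wp.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -ep bypass -File C:\\Windows\\Temp\\p1.ps1"},
    {"host": "fs02", "parent": "powershell.exe", "image": "vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "fs02", "parent": "powershell.exe", "image": "wevtutil.exe",
     "cmdline": "wevtutil.exe cl Security"},
    {"host": "fs02", "parent": "powershell.exe", "image": "reg.exe",
     "cmdline": "reg.exe save HKLM\\SAM C:\\Windows\\Temp\\sam.hiv"},
    {"host": "ws07", "parent": "explorer.exe", "image": "WINWORD.EXE",
     "cmdline": "WINWORD.EXE /n report.docx"},
]

# Command-line patterns matching the pre-encryption steps the article lists.
RULES = {
    "shadow_copy_deletion": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    "event_log_cleared": re.compile(r"wevtutil(\.exe)?\s+cl\b", re.I),
    "sam_hive_dump": re.compile(r"reg(\.exe)?\s+save\s+HKLM\\SAM", re.I),
    "defender_tamper": re.compile(r"Set-MpPreference\s.*-Disable", re.I),
}


def classify(event):
    """Return the names of every rule the event matches."""
    hits = [name for name, rx in RULES.items() if rx.search(event["cmdline"])]
    # The Exchange IIS worker process spawning PowerShell is how the
    # web-shell-to-script hand-off of the described ingress looks on the host.
    if event["parent"].lower() == "w3wp.exe" and event["image"].lower() == "powershell.exe":
        hits.append("exchange_spawned_powershell")
    return hits


def score_hosts(events):
    """Map each host with at least one hit to the sorted list of rules it tripped."""
    per_host = {}
    for ev in events:
        for name in classify(ev):
            per_host.setdefault(ev["host"], set()).add(name)
    return {host: sorted(names) for host, names in per_host.items()}


if __name__ == "__main__":
    for host, names in score_hosts(SAMPLE_EVENTS).items():
        print(host, names)
```

A host that trips several of these rules within a short window is the pattern to alert on, since each command alone also has legitimate administrative uses.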

The rest of the process comes as no surprise: the executable encrypts files and steals data, victims are informed of the attack, and a ransom payment is demanded.

“As the ingress point for this attack appears to have been an Exchange server vulnerable to the ProxyLogon exploit chain, customers are urged to patch internet-facing Exchange servers as quickly as possible,” the researchers concluded.

Image: Sophos

"exchange" - Google News
June 01, 2021 at 09:22AM
https://ift.tt/34BQ4Ex