The newly observed “LockFile” ransomware has skilfully infiltrated multiple sectors by exploiting the “PetitPotam” vulnerability in Microsoft Windows systems. In complex and technically sophisticated supply-chain attacks, cyber-threat actors gained access to targets’ Microsoft Exchange Servers, making use of a publicly available PetitPotam proof of concept (PoC) to access domain controllers and deploy LockFile. The multiple, domino-like layers of the attacks signify the increasingly advanced capabilities of ransomware and ransomware operators alike. They have raised a red flag for defenders, who should strive to be as agile and resourceful as attackers―as well as one step ahead, when it comes to preventing vulnerability exploitation.
Want To Try Our Digital Risk Protection Tool?Get Started Free
Other content in this Stream
Main story: Attackers seize Microsoft zero-day for malware dissemination, espionage
Main story: REvil REturns with new data-leak site
Main story: Russian cyber attacks on Ukraine: Where’s the boom?
Main story: Karakurt Hacking Team moonlights as Conti side business
RaidForums takedown sends cybercriminals scrambling
Carbanak group’s evolution extends to ransomware
Q1 2022: What happened and what lies ahead
Maverick extortionist group Lapsus$ goes after big tech
US executive order pushes for responsible cryptocurrency use
The Russia-Ukraine war has triggered a resurgence of hacktivism around the world
The US government has issued an alert about the Iran-linked "MuddyWater" advanced persistent threat group
Conti ransomware group aims to ascend with new tools, structure
US DoJ arrests shine light on ease and impact of cryptocurrency laundering