The newly observed “LockFile” ransomware has skilfully infiltrated multiple sectors by exploiting the “PetitPotam” vulnerability in Microsoft Windows systems. In complex and technically sophisticated supply-chain attacks, cyber-threat actors gained access to targets’ Microsoft Exchange Servers, making use of a publicly available PetitPotam proof of concept (PoC) to access domain controllers and deploy LockFile. The multiple, domino-like layers of the attacks signify the increasingly advanced capabilities of ransomware and ransomware operators alike. They have raised a red flag for defenders, who should strive to be as agile and resourceful as attackers―as well as one step ahead, when it comes to preventing vulnerability exploitation.
Most Recent Flipbooks
Main story: Uber compromised by Lapsus$'s resurgence
Main story: Cyber attacks shock the Italian energy sector
Main story: Back to school for students and ransomware groups
Main story: LastPass suffers source code data breach
Main story: LockBit under DDoS attack: Entrust strikes back?
Main Story: Cisco defies extortion attempts after network breach
Main story: Cybercriminals scramble for new hiding places after 911 proxy service folds
Main story: Free-to-use Redeemer opens doors for ransomware enthusiasts
Main story: LockBit launches new version, welcomes bug hunters
Main story: Attackers seize Microsoft zero-day for malware dissemination, espionage