Another ransomware operation known as ‘Black Kingdom’ is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers.
Over the weekend, security researcher Marcus Hutchins, aka MalwareTechBlog, tweeted that a threat actor was compromising Microsoft Exchange servers via the ProxyLogon vulnerabilities to deploy ransomware.
Based on the logs from his honeypots, Hutchins states that the threat actor used the vulnerability to execute a PowerShell script that downloads the ransomware executable from ‘yuuuuu44[.]com’ and then pushes it out to other computers on the network.
Source: Bleeping Computer