Microsoft Exchange server vulnerabilities targeted by Epsilon Red ransomware

Microsoft Exchange server vulnerabilities epsilon red ransomware image 2

One of the latest discovered ransomware, Epsilon Red, was detected targeting the Microsoft Exchange server’s vulnerability as the entry of infection since last month. According to the security reports, the ransomware campaign is ongoing, and there are still more than 3,500 estimated vulnerable servers. 

A cybersecurity firm has discovered this new ransomware last month, which is written using the GoLang programming language. It was observed to aim at US-based organizations and businesses within the hospitality sector. 

 

Further analysis revealed that the latest strain of variant of Epsilon Red primarily relied on the vulnerabilities of Microsoft Exchange servers to launch mass server exploits and malicious campaigns.

 

They also aim to acquire sensitive information of their targeted company and were seen trying to expose their target’s revenue information. 

The good news is that this new variant of Epsilon Red gets detected by most of the antivirus vendors available in the market. 

It cultivates using the latest discovered Microsoft Exchange server’s vulnerabilities such as CVE-2021-27065, CVE-2021-26855, and CVE-2020-1472 to plant the malware on the targeted servers. Still, around 695 ZeroLogon exploitable servers are found in the US, 71 in Australia, and 36 more in Argentina. These identified mail servers are exploitable by ransomware. 

The researchers concluded that this variant of the ransomware is yet another copycat ransomware release. The threat actors behind the Epsilon Red variant are becoming more active in infecting as many vulnerable exchange server systems as possible. 

The ransom note left by the variant seems similar to the ransomware note used by the REvil threat actors but with some grammatical fixes. 

A victim of the variant was reported to pay the ransom of $200,000 in Bitcoin value, showing the success of their malicious campaign. 

We cannot disregard the threat that ransomware attacks do. Ransomware is one of the most active threats in cyberspace, and they are still continually growing. When most businesses shifted to conduct businesses online, ample cyber protection and security solutions against ransomware attacks have to be implemented for a more proactive defense strategy. 

About the author

iZOOlogic

Leave a Reply