Epsilon Red, a ransomware strain detected last month, is targeting vulnerable Microsoft Exchange servers. According to researchers from CyberNews, Epsilon Red operations are ongoing and more than 3,500 servers remain vulnerable.

What has happened?

A week ago, Sophos discovered a new ransomware family written in Go, which it named Epsilon Red. It was used in a human-operated attack against U.S.-based businesses in the hospitality industry.
  • Recent research revealed that the latest Epsilon Red strain relies mostly on vulnerable Microsoft Exchange servers, launches mass server-exploitation campaigns, and threatens to expose companies’ information for financial gain.
  • The new ransomware variant is detected by most AV vendors.
  • It propagates by exploiting recently disclosed Microsoft Exchange server vulnerabilities such as CVE-2021-26855, CVE-2020-1472, and CVE-2021-27065, and then drops the ransomware.
  • Around 695 vulnerable ZeroLogon servers were found in the U.S., an additional 71 in Australia, and 36 in Argentina. These servers are directly exploitable by the ransomware.

Copycat malware and ransom

  • Researchers conclude that this appears to be yet another copycat ransomware release. The operators behind the Epsilon Red variant are prolific and are infecting as many systems as possible.
  • The ransom note is similar to the original ransom note used by REvil, apart from a few grammatical fixes.
  • One of the victims paid around $200,000 in Bitcoin, showing the campaign’s success.

Conclusion

Ransomware attacks are among the most active threats in cyberspace and continue to grow, with new threats arriving almost daily. Adequate protection against ransomware attacks must therefore include a proactive defense strategy.

Cyware Publisher
