The ransomware gang Conti has started hacking into Microsoft Exchange servers with the help of the recently discovered Proxyshell vulnerability.
Bleeping Computer writes that the security company Sophos last week responded to an incident where the Conti ransomware gang encrypted an anonymous customer.
The attackers must first use web shells that executed commands, downloaded software and further infected the server. Once they had full control of the server, they accessed administrator tasks and spread to the network’s other servers. Software such as Anydesk and Cobalt Strike were also installed there to give the attackers remote access.
Finally, the organization’s unencrypted data was uploaded to the Mega file-sharing service, after which the attackers began encrypting the local files.
Microsoft patched the vulnerabilities in Proxyshell in May, and all organizations that have not yet updated their systems are urged to do so as soon as possible.
Also read: Security expert: Poorly prepared companies have contributed to cyber attacks
– .
