Microsoft Exchange Servers hit by Epsilon Red Ransomware

269

In March this year, Microsoft issued a press statement that its Email Exchange Servers were hit by a cyberattack that was possibly launched by a China-funded hacking group named Hafnium.

 

Now, the news is out that Microsoft Corp Exchange Servers are being targeted by a ransomware group named Epsilon Red and so far disrupted networks belonging to 3 US-based companies belonging to the hospitality industry.

 

Those behind Epsilon Red are reportedly demanding 4.19 BTC or $207,000 currency from the victims and reports are in that one of its victims has bowed down to its demands and others are looking forward to a solution to be recommended by security experts.

 

Sophos Plc was the first Cybersecurity firm to discover the activities of the Epsilon Red and released a press statement last week that the ransomware group is following the lines of REvil ransomware group when it comes to network infiltration procedure and ransom note drafting.

 

Also, the file-encrypting malware program is written in Go Programming aka Golang language that is open-source software that kills processes and services related to security tools and backup programs before encrypting the data on a database.

 

Note 1- Whether this ransomware group is into the activity of stealing data and then indulging in double extortion tactics is yet to be known.

 

Note 2- In Feb 2020, a vulnerability was discovered in the Microsoft Exchange Servers. And in the year 2021, a zero-day exploit was discovered in the Email Exchange Servers of Microsoft that involved hackers stealing info and installing malicious codes. Later the tech giant revealed that the vulnerability had existed almost ten years ago and was only exploited in 2021 i.e after 10 years.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security