LockFile is a new ransomware family that was recently reported in the wild. It mainly targets Microsoft Exchange servers through the ProxyShell and ProxyLogon vulnerabilities, and it is particularly nasty because it also exploits the partially patched PetitPotam flaw. Researchers recently found this new variant, named LockFile, attacking organizations and companies through the ProxyShell vulnerabilities in MS Exchange. It was first spotted last month, on July 20th 2021, and was later reported to have hit at least 10 more organizations by August 20. The worst affected victims are in the USA and Asian countries, as it has targeted Exchange servers globally across the financial sector, business services, travel, tourism and engineering firms. Its ransom note is almost identical to that of the LockBit ransomware group, and the ransom note and the contact email it uses refer to the Conti group.
LockFile Ransomware Has Affected Various Organizations Globally
It targets Exchange Server and gains access to the data using the ProxyShell bug, then exploits the PetitPotam vulnerability. This is why it is reported as the most noxious vulnerability in the entire history of MS Exchange. It then reaches the Domain Controller of the organization using the following components:
- Exploit for CVE-2021-36942 (PetitPotam)
- active_desktop_launcher.exe
- active_desktop_render.dll
These two files encrypt the device and the systems connected to the same network. The threat actors then run and install the LockFile ransomware payload.
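As an added example that is not part of the original article, the following script hunts endpoint telemetry for the two file names listed above and rates each host by whether one or both names were seen. The JSON-lines record format, field names and host names are assumptions constructed for this example, not the format of any real product.

```python
import json
from pathlib import PureWindowsPath

# File names the article lists alongside the PetitPotam exploit.
LOCKFILE_FILENAMES = {"active_desktop_launcher.exe", "active_desktop_render.dll"}

# Constructed sample telemetry (not real logs): one JSON object per line.
# Fields: host, event ("process_create" | "image_load"), image, loaded (DLL path).
SAMPLE_LOG = r"""
{"host": "exch01", "event": "process_create", "image": "C:\\Windows\\System32\\svchost.exe"}
{"host": "exch01", "event": "process_create", "image": "C:\\Windows\\Temp\\active_desktop_launcher.exe"}
{"host": "exch01", "event": "image_load", "image": "C:\\Windows\\Temp\\active_desktop_launcher.exe", "loaded": "C:\\Windows\\Temp\\active_desktop_render.dll"}
{"host": "fs02", "event": "image_load", "image": "C:\\Program Files\\Vendor\\app.exe", "loaded": "C:\\Program Files\\Vendor\\Active_Desktop_Render.dll"}
{"host": "ws07", "event": "process_create", "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe"}
"""


def file_name(path: str) -> str:
    """Case-insensitive base name of a Windows path."""
    return PureWindowsPath(path).name.lower()


def hunt(log_text: str) -> dict:
    """Return {host: {"files": set(...), "severity": str}} for every host where a
    listed file name appears as a process image or as a loaded DLL."""
    per_host: dict = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        paths = [rec.get("image", "")]
        if rec.get("event") == "image_load":
            paths.append(rec.get("loaded", ""))
        for p in paths:
            name = file_name(p)
            if name in LOCKFILE_FILENAMES:
                per_host.setdefault(rec["host"], set()).add(name)
    # Both the launcher and the DLL on one host is the strongest signal; a lone
    # DLL name could still be a benign name collision that needs verification.
    return {h: {"files": files, "severity": "high" if len(files) == 2 else "medium"}
            for h, files in per_host.items()}


if __name__ == "__main__":
    for host, info in sorted(hunt(SAMPLE_LOG).items()):
        print(host, info["severity"], sorted(info["files"]))
```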
How to Prevent Organizations against LockFile Ransomware
Organizations that use Active Directory Certificate Services (AD CS) with Certificate Authority Web Enrollment or the Certificate Enrollment Web Service are the most vulnerable to the PetitPotam attack. This is why Microsoft has worked hard to release a patch that mitigates the risk of PetitPotam; applying it will definitely help prevent and safeguard against LockFile ransomware attacks.