Cyber attacks in general, and ransomware in particular, are showing no signs of slowing down. In a disturbing development, a new strain of the notorious BlackByte ransomware has been discovered and reported.
This was brought to light by Managed Detection and Response (MDR) vendor Red Canary. The adverse effects of this ransomware are also being linked to ProxyShell. The term ProxyShell is collectively used to cite three Microsoft Exchange Server bugs.
These bugs enable the perpetrator of a cyber attack to escalate privileged access, and also execute code remotely. From here on end, the story of BlackByte ransomware is not much different from the others, as it encrypts all your data.
If a cyber miscreant is able to exploit the vulnerabilities alluded to as ProxyShell, remote code execution will take place even before the pre-authentication phase. Another disturbing news about this latest strain of ransomware is its worm-able nature.
What this means is that once it has successfully infected a particular device, the worm-able nature of this ransomware can also potentially affect other systems on the compromised network. The exact quantum of this ransomware attack is still un-known.
This news about the impact of BlackByte is a stark reminder of the threats that ransomware poses to both governmental and enterprise networks. While some of us might have caught wind of this development, there could be many more unsuspecting users and networks.
It is being claimed that the ProxyShell vulnerability has been successfully patched, but there could be several systems or networks that are still un-patched, thus exposing them to this, and countless other notorious forms of cyber attacks.
