REvil Linked To Another Exchange Server Breach
REvil threat actors may be behind a new ransomware attack on Exchange servers, according to the ever-alert security company Sophos, which detected the attack.
The actors are apparently using a set of PowerShell scripts developed for encryption and weaponized to exploit vulnerabilities in corporate networks.
Sophos says the attackers are exploiting flaws in unpatched Exchange servers to attack the corporate network, according to recent research.
The new ransomware, dubbed Epsilon Red, was found during an investigation into an attack on a US company in the hospitality sector.
The potential link to the REvil group came in a ransom note left on infected computers, which resembles a note left behind by a REvil ransomware attack earlier this year.
Again, an unpatched enterprise Microsoft Exchange server was used as the point of entry.