CATEGORIES
home News

Security Researcher Lures Microsoft Exchange Ransomware Bandits With Sweet Honeypot

by Nathan OrdMonday, March 22, 2021, 04:37 PM EDT
windows hacker hero
This month, Microsoft Exchange vulnerabilities have been cropping up, and bad actors are looking to take advantage of them. It has been rumored, yet not confirmed, that the recent Acer hack stemmed from the Microsoft Exchange vulnerabilities. Now, another group of advantageous criminals are using the Exchange vulnerabilities in an attempt to spook businesses and organizations, it seems.

Over the weekend, security researcher Marcus Hutchins, who goes by MalwareTechBlog on Twitter, reported that he had caught someone running a script on his Exchange servers. The malicious actor, called BlackKingdom, ended up only putting a ransom note in all folders in the D, I, and E drives on the computer.

Based on the logs, the attacker had also previously tried to execute a PowerShell script which would have grabbed a malicious piece of software. In this case, it would not have mattered much as the way he caught the attacker was by a honeypot; a method to lure in someone malicious and sniff them out.

Moreover, as the attacker only left a ransom note and made no other changes, their initial malware probably did not work or as well as desired. Either way, there are still people out looking for vulnerable systems, and admins need to be aware of it, even if the attackers are sometimes declawed. Ultimately, this will not be the last we hear of attackers taking advantage of Exchange servers, so stay tuned to HotHardware for updates.
Tags:  Microsoft, cybersecurity, (nasdaq:msft), microsoft exchange
Nathan Ord

Nathan Ord

Nathan Ord is a tech nerd through and through.  Following any technology, from home and business applications to VR, anything is up his alley.  Starting out as the family repair guy and local "tech expert" for those around him, he helped out wherever he could.  Nathan came aboard HotHardware in 2020 and continuously enjoys what he does.  In his free time, he enjoys volunteering, playing video games, and just relaxing with friends. 
Opinions and content posted by HotHardware contributors are their own.
TOP STORIES
Which New GPU Is For You?
More Results
KEEP INFORMED

Stay updated with the latest news and updates. Subscribe to our newsletter!

Subscribe Now
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2026 Hot Hardware Inc, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment