The Black Kingdom ransomware was used by cybercriminals to target vulnerable Microsoft Exchange servers earlier this year.
Earlier this year Microsoft Exchange servers were targeted by cybercriminals who used a known vulnerability to infect them with the Black Kingdom ransomware. Now the cybersecurity firm Kaspersky has released a new report which provides further insight into how this ransomware strain works along with new details on the cybercriminals behind it. While the Black Kingdom ransomware first appeared back in 2019, it became widely known back in March of this year when it was used in a campaign that exploited the ProxyLogon vulnerability, tracked as CVE-2021-27065, in Microsoft Exchange. However, based on Kaspersky’s analysis of the ransomware, it is an amateurish implementation with several mistakes and a critical encryption flaw that could allow anyone to decrypt the files affected by it using a hardcoded key.
