BlackKingdom is another ransomware family known so far to be actively exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities. Attackers used the ProxyLogon vulnerability to execute a PowerShell script that downloads the ransomware executable from 'yuuuuu44[.]com' and then pushes it out to other computers on the network. The attacker demanded a ransom of $10,000 in Bitcoin, to be paid to the wallet 1Lf8ZzcEhhRiXpk6YNQFpCJcUisiXb34FT.
was the first known malware to exploit ProxyLogon for ransom.
BlackKingdom Ransomware Signatures
BlackKingdom Ransomware Download