Tuesday, October 19, 2021

LockFile ransomware’s box of tricks: intermittent encryption and evasion

LockFile is a new ransomware family that emerged in July 2021 following the discovery in April 2021 of the ProxyShell vulnerabilities in Microsoft Exchange servers. LockFile ransomware appears to exploit the ProxyShell vulnerabilities to breach targets with unpatched, on-premises Microsoft Exchange servers, followed by a PetitPotam NTLM relay attack to seize control of the domain.

In this detailed analysis of the LockFile ransomware, we reveal its novel approach to file encryption and how the r…
