According to researchers at the cybersecurity firm Sophos, hackers can now use a new type of malware called Avaddon to target Microsoft Exchange email servers. Avaddon ransomware, which was initially spotted in early 2019, has recently been updated to incorporate a module dedicated to exploiting vulnerabilities in Exchange servers. This is alarming because Microsoft itself seemingly dealt with numerous hacking campaigns targeting Exchange servers earlier this year.
To gain an initial foothold in a system, Avaddon uses malicious spam emails with booby-trapped attachments. When the attachment is opened, the malware executes, compromising the victim’s computer and eventually infecting the organization’s network. After gaining access, the ransomware begins encrypting files, rendering them inaccessible until a ransom is paid.
The latest update to Avaddon ransomware includes an Exchange EDB<->PST converter module, which enables the malware to extract and steal emails, contacts, and other valuable data stored on the Exchange server. This module could have serious implications for organizations storing sensitive information.
Considering the scale and frequency of attacks on Exchange servers this year, it is vital for organizations to regularly patch and update their systems. Implementing advanced email threat protection solutions with anti-spam and anti-phishing capabilities can help detect and block such malicious emails from reaching users’ inboxes. Additionally, maintaining reliable backups and educating employees about the risks associated with opening untrusted email attachments are crucial for mitigating the impact of ransomware attacks.