{"id":40150,"date":"2021-03-24T14:11:34","date_gmt":"2021-03-24T14:11:34","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32134\/Ransomware-Now-Hitting-Hacked-Exchange-Servers.html"},"modified":"2021-03-24T14:11:34","modified_gmt":"2021-03-24T14:11:34","slug":"ransomware-now-hitting-hacked-exchange-servers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/","title":{"rendered":"Ransomware Now Hitting Hacked Exchange Servers"},"content":{"rendered":"<figure class=\"intro-image intro-left\"><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2016\/04\/ransom-note-640x360.jpg\" alt=\"A stylized ransom note asks for bitcoin in exchange for stolen data.\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"><a title=\"14 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/gadgets\/2021\/03\/ransomware-operators-are-piling-on-already-hacked-exchange-servers\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">16<\/span> <span class=\"visually-hidden\"> with 14 posters participating<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p><!-- cache hit 25:single\/related:d14a4683e9bb973aeec0f6993f722459 --><!-- empty --><\/p>\n<p>Microsoft Exchange servers compromised in a first round of attacks are getting infected for a second time by a ransomware gang that is trying to profit from a rash of exploits that caught organizations around the world flat-footed.<\/p>\n<p>The ransomware\u2014known as Black Kingdom, DEMON, and DemonWare\u2014is demanding $10,000 for the recovery of encrypted data, security researchers said. The malware is getting installed on Exchange servers that were previously infected by attackers exploiting a critical vulnerability in the Microsoft email program. Attacks started while the vulnerability was still a zero-day. Even after Microsoft <a href=\"https:\/\/arstechnica.com\/information-technology\/2021\/03\/microsoft-issues-emergency-patches-for-4-exploited-0days-in-exchange\/\">issued an emergency patch<\/a>, as many as 100,000 servers that didn\u2019t install it in time <a href=\"https:\/\/arstechnica.com\/gadgets\/2021\/03\/tens-of-thousands-of-us-organizations-hit-in-ongoing-microsoft-exchange-hack\/\">were infected<\/a>.<\/p>\n<h2>Opportunity knocks<\/h2>\n<p>The hackers behind those attacks installed a web shell that allowed anyone who knew the URL to completely control the compromised servers. Black Kingdom was <a href=\"https:\/\/www.speartip.com\/resources\/black-kingdom-ransomware-exploiting-exchange-vulnerabilities\/\">spotted last week<\/a> by Security firm SpearTip. Marcus Hutchins, a security researcher at security firm Kryptos Logic, reported on Sunday that the malware <a href=\"https:\/\/twitter.com\/MalwareTechBlog\/status\/1373634465340264451\">didn\u2019t actually encrypt files<\/a>.<\/p>\n<div class=\"twitter-tweet\">\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">Someone just ran this script on all vulnerable Exchange servers via ProxyLogon vulnerability. It claims to be BlackKingdom &#8220;Ransomware&#8221;, but it doesn&#8217;t appear to encrypt files, just drops a ransom not to every directory. <a href=\"https:\/\/t.co\/POYlPYGjsz\">pic.twitter.com\/POYlPYGjsz<\/a><\/p>\n<p>\u2014 MalwareTech (@MalwareTechBlog) <a href=\"https:\/\/twitter.com\/MalwareTechBlog\/status\/1373634465340264451?ref_src=twsrc%5Etfw\">March 21, 2021<\/a><\/p><\/blockquote>\n<\/div>\n<p>On Tuesday morning, Microsoft Threat Intelligence Analyst Kevin Beaumont reported that a Black Kingdom attack \u201cdoes indeed <a href=\"https:\/\/twitter.com\/GossiTheDog\/status\/1374327687901220865\">encrypt files<\/a>.<\/p>\n<div class=\"twitter-tweet\">\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">BlackKingdom ransomware on my personal servers. It does indeed encrypt files. They exclude c:\\windows, however my storage drivers were in a different folder and it encrypted those&#8230; meaning the server doesn&#8217;t boot any more. If you&#8217;re reading BlackKingdom, exclude *.sys files <a href=\"https:\/\/t.co\/nUVUJTbcGO\">pic.twitter.com\/nUVUJTbcGO<\/a><\/p>\n<p>\u2014 Kevin Beaumont (@GossiTheDog) <a href=\"https:\/\/twitter.com\/GossiTheDog\/status\/1374327687901220865?ref_src=twsrc%5Etfw\">March 23, 2021<\/a><\/p><\/blockquote>\n<\/div>\n<p>Security firm Arete on Monday also <a href=\"https:\/\/www.areteir.com\/black-kingdom-returns-to-exploit-zero-day-vulnerabilities-in-unpatched-microsoft-exchange-servers\/\">disclosed Black Kingdom attacks<\/a>.<\/p>\n<p>Black Kingdom was <a href=\"https:\/\/blog.redteam.pl\/2020\/06\/black-kingdom-ransomware.html\">spotted last June<\/a> by security firm RedTeam. The ransomware was taking hold of servers that failed to patch a critical vulnerability in the Pulse VPN software. Black Kingdom also <a href=\"https:\/\/any.run\/report\/63d6c419a8229bc7fc2089a2899d27bac746de0e96368e2a49d7c7754abd29f4\/649fff18-14f5-4544-8d04-0a981d2e0c79\">made an appearance<\/a> at the beginning of last year.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>Brett Callow, a security analyst at Emsisoft, said it wasn\u2019t clear why one of the recent Black Kingdom attacks failed to encrypt data.<\/p>\n<p>\u201cThe initial version encrypted files, while a subsequent version simply renamed them,\u201d he wrote in an email. \u201cWhether both versions are being simultaneously operated is not clear. Nor is it clear why they altered their code\u2014perhaps because the renaming (fake encryption) process would not be detected or blocked by security products?\u201d<\/p>\n<p>He added that one version of the ransomware is using an encryption method that in many cases allows the data to be restored without paying a ransom. He asked that the method not be detailed to prevent the operators of the ransomware from fixing the flaw.<\/p>\n<h2>Patching isn\u2019t enough<\/h2>\n<p>Neither Arete nor Beaumont said if Black Kingdom attacks were hitting servers that had yet to install Microsoft\u2019s emergency patch or if the attackers were simply taking over poorly secured web shells installed earlier by a different group.<\/p>\n<p>Two weeks ago, Microsoft reported that a separate strain of ransomware named DearCry was taking hold of servers that had been infected by Hafnium. Hafnium is the name the company gave to state-sponsored hackers in China that were the first to use ProxyLogon, the name given to a chain of exploits that gains complete control over vulnerable Exchange servers.<\/p>\n<p>Security firm SpearTip, however, said that the ransomware was targeting servers \u201cafter initial exploitation of the available Microsoft exchange vulnerabilities.\u201d The group installing the competing DearCry ransomware also piggybacked.<\/p>\n<p>Black Kingdom comes as the number of vulnerable servers in the US dropped to less than 10,000, <a href=\"https:\/\/www.politico.com\/newsletters\/weekly-cybersecurity\/2021\/03\/22\/the-latest-microsoft-exchange-numbers-794134\">according to<\/a> Politico, which cited a National Security Council spokesperson. There were about 120,000 vulnerable systems earlier this month.<\/p>\n<p>As the follow-on ransomware attacks underscore, patching servers isn\u2019t anywhere near a full solution to the ongoing Exchange server crisis. Even when severs receive the security updates, they can still be infected with ransomware if any web shells remain.<\/p>\n<p>Microsoft is urging affected organizations that don\u2019t have experienced security staff to run <a href=\"https:\/\/msrc-blog.microsoft.com\/2021\/03\/15\/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021\/\">this<\/a> one-click mitigation script.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32134\/Ransomware-Now-Hitting-Hacked-Exchange-Servers.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":40151,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[9288],"class_list":["post-40150","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwaremicrosoftcybercrimefraudcryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Ransomware Now Hitting Hacked Exchange Servers 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ransomware Now Hitting Hacked Exchange Servers 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-24T14:11:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/03\/ransomware-now-hitting-hacked-exchange-servers.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"360\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-now-hitting-hacked-exchange-servers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-now-hitting-hacked-exchange-servers\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Ransomware Now Hitting Hacked Exchange Servers\",\"datePublished\":\"2021-03-24T14:11:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-now-hitting-hacked-exchange-servers\\\/\"},\"wordCount\":692,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-now-hitting-hacked-exchange-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/ransomware-now-hitting-hacked-exchange-servers.jpg\",\"keywords\":[\"headline,malware,microsoft,cybercrime,fraud,cryptography\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-now-hitting-hacked-exchange-servers\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-now-hitting-hacked-exchange-servers\\\/\",\"name\":\"Ransomware Now Hitting Hacked Exchange Servers 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-now-hitting-hacked-exchange-servers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-now-hitting-hacked-exchange-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/ransomware-now-hitting-hacked-exchange-servers.jpg\",\"datePublished\":\"2021-03-24T14:11:34+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-now-hitting-hacked-exchange-servers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-now-hitting-hacked-exchange-servers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-now-hitting-hacked-exchange-servers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/ransomware-now-hitting-hacked-exchange-servers.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/ransomware-now-hitting-hacked-exchange-servers.jpg\",\"width\":640,\"height\":360},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-now-hitting-hacked-exchange-servers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,malware,microsoft,cybercrime,fraud,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemalwaremicrosoftcybercrimefraudcryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Ransomware Now Hitting Hacked Exchange Servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ransomware Now Hitting Hacked Exchange Servers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/","og_locale":"en_US","og_type":"article","og_title":"Ransomware Now Hitting Hacked Exchange Servers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-03-24T14:11:34+00:00","og_image":[{"width":640,"height":360,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/03\/ransomware-now-hitting-hacked-exchange-servers.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Ransomware Now Hitting Hacked Exchange Servers","datePublished":"2021-03-24T14:11:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/"},"wordCount":692,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/03\/ransomware-now-hitting-hacked-exchange-servers.jpg","keywords":["headline,malware,microsoft,cybercrime,fraud,cryptography"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/","url":"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/","name":"Ransomware Now Hitting Hacked Exchange Servers 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/03\/ransomware-now-hitting-hacked-exchange-servers.jpg","datePublished":"2021-03-24T14:11:34+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/03\/ransomware-now-hitting-hacked-exchange-servers.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/03\/ransomware-now-hitting-hacked-exchange-servers.jpg","width":640,"height":360},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-now-hitting-hacked-exchange-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,malware,microsoft,cybercrime,fraud,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwaremicrosoftcybercrimefraudcryptography\/"},{"@type":"ListItem","position":3,"name":"Ransomware Now Hitting Hacked Exchange Servers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40150"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40150\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/40151"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}