"Cisco Talos Reports New Variant of Babuk Ransomware Targeting Exchange Servers"

Cisco Talos is warning US companies about a new variant of the Babuk ransomware. The malicious campaign deploying the new variant was discovered in mid-October but is suspected to have been active since July 2021. According to researchers, the initial infection vector is the exploitation of ProxyShell vulnerabilities in Microsoft Exchange Server through the use of the China Chopper web shell. Babuk can impact various hardware and software platforms, but its new version targets Windows, encrypting the machine, interrupting the system backup process, and deleting volume shadow copies. This article continues to discuss the recently discovered malicious campaign deploying a new variant of the Babuk ransomware via an unusual infection chain.

TechRepublic reports "Cisco Talos Reports New Variant of Babuk Ransomware Targeting Exchange Servers"

Submitted by Anonymous on