BlackKingdom ransomware is another ransomware family known so far to be actively exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities. Attackers used ProxyLogon to execute a PowerShell script that downloads the ransomware executable from 'yuuuuu44[.]com' and then pushes it out to other computers on the network. The attacker demanded a ransom of $10,000, payable in Bitcoin to the wallet 1Lf8ZzcEhhRiXpk6YNQFpCJcUisiXb34FT.
DearCry Ransomware was the first known malware to exploit ProxyLogon for ransom.
BlackKingdom Ransomware Signatures
Family: Trojan:Win32/Ymacco.AAC4
MD5: 96c2f4acef5807b54ded4e0dae6ed79d
SHA256: c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908
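The indicators above (the download domain, the ransom wallet, and the two file hashes) are the pieces a defender can actually check for. The following script is an added example and is not code from the page or from any vendor: it refangs the domain, hashes file content against the listed MD5/SHA256, and scans constructed proxy-log lines for the domain or wallet. The log lines and file contents are constructed samples; only the hashes, domain and wallet come from the page.

```python
import hashlib
import re

# Indicators quoted from the page (the only sample-specific values used here)
KNOWN_MD5 = "96c2f4acef5807b54ded4e0dae6ed79d"
KNOWN_SHA256 = "c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908"
DEFANGED_DOMAIN = "yuuuuu44[.]com"
RANSOM_WALLET = "1Lf8ZzcEhhRiXpk6YNQFpCJcUisiXb34FT"


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'yuuuuu44[.]com' back into a matchable string."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def hashes_of(data: bytes) -> dict:
    """Return the MD5 and SHA256 hex digests of a byte string (a file's content)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """True when the content hashes to the BlackKingdom sample listed on the page."""
    h = hashes_of(data)
    return h["md5"] == KNOWN_MD5 or h["sha256"] == KNOWN_SHA256


def is_known_hash(hexdigest: str) -> bool:
    """Check a hash copied from a tool's output (EDR alert, sandbox report) against the IoCs."""
    return hexdigest.strip().lower() in {KNOWN_MD5, KNOWN_SHA256}


def find_ioc_hits(log_lines):
    """Return (line_number, matched_indicator) for every log line that references the
    download domain (including subdomains of it) or the ransom wallet.

    The hostname match is case-insensitive and requires a boundary before the name so
    that a lookalike such as 'notyuuuuu44.com' does not produce a false positive."""
    domain = refang(DEFANGED_DOMAIN)
    domain_re = re.compile(
        r"(^|[^a-z0-9-])" + re.escape(domain) + r"([^a-z0-9-]|$)", re.IGNORECASE
    )
    hits = []
    for n, line in enumerate(log_lines, start=1):
        if domain_re.search(line):
            hits.append((n, domain))
        elif RANSOM_WALLET in line:
            hits.append((n, RANSOM_WALLET))
    return hits


# Constructed proxy-log lines for demonstration; not real traffic.
SAMPLE_PROXY_LOG = [
    "2021-03-22T10:14:02Z GET http://www.example.com/ 200",
    "2021-03-22T10:15:31Z GET http://YUUUUU44.com/ 200",
    "2021-03-22T10:16:05Z GET http://notyuuuuu44.com/ 404",
    "2021-03-22T10:20:44Z ransom note references 1Lf8ZzcEhhRiXpk6YNQFpCJcUisiXb34FT",
]

if __name__ == "__main__":
    # Constructed benign content: its hashes will not match the listed sample.
    print("benign file matches IoC hashes:", matches_known_sample(b"not the sample"))
    for lineno, indicator in find_ioc_hits(SAMPLE_PROXY_LOG):
        print(f"line {lineno}: hit on {indicator}")
```

To use this against real data, feed `matches_known_sample` the bytes of files found in web-accessible Exchange directories or on hosts the script was pushed to, and feed `find_ioc_hits` the lines of your proxy or DNS logs; a hash hit identifies the exact sample on the page, while a domain hit only tells you a host reached the download server and should be investigated.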
BlackKingdom Ransomware Download