Another ransomware operation known as ‘Black Kingdom’ is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. Ransomware known as BlackKingdom was previously used in attacks in June 2020 when corporate networks were compromised using Pulse VPN vulnerabilities. The Black Kingdom campaign has encrypted other victim’s devices, with the first submissions seen on March 18th. Victims are located in the USA, Canada, Austria, Switzerland, Russia, France, Italy, Germany, Greece, Australia, and Croatia.
Source: https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-now-targeted-by-black-kingdom-ransomware/