A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. Researchers found that the threat actor breached the enterprise network by exploiting unpatched vulnerabilities in on-premise Microsoft Exchange servers. Epsilon Red is written in Golang (Go) and is preceded by a set of unique. scripts that prepare the ground for the file-encryption routine, each having a specific purpose. The threat actor also installs a copy of Remote Utilities – a commercial software for remote desktop operations, and the Tor Browser.
Source: https://www.bleepingcomputer.com/news/security/new-epsilon-red-ransomware-hunts-unpatched-microsoft-exchange-servers/