{"id":118646,"date":"2022-12-23T11:50:40","date_gmt":"2022-12-23T11:50:40","guid":{"rendered":"https:\/\/www.stellarinfo.com\/blog\/?p=118646"},"modified":"2024-08-21T04:09:02","modified_gmt":"2024-08-21T04:09:02","slug":"fin7-ransomware-gang-targeting-vulnerable-exchange-servers","status":"publish","type":"post","link":"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/","title":{"rendered":"FIN7 Ransomware Gang Targeting Vulnerable Exchange Servers with Automated-Attack System"},"content":{"rendered":"<?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><p>FIN7, a hacking group, is using an automated attack system to breach corporate Exchange Servers, infiltrate networks, and steal data. They are targeting organizations based on their financial size. The hacking group is also found to be associated with a larger threat ecosystem consisting of DarkSide, LockBit, MAZE, and REvil ransomware families.<\/p><p>In this blog, you&rsquo;ll learn about the FIN7 hacking group and how they are leveraging the Exchange Server and SQL injection vulnerabilities to breach networks.<\/p><h2 class=\"wp-block-heading\" id=\"about-fin7-ransomware-group\">About FIN7 Ransomware Group<\/h2><p>FIN7 is a financially motivated hacking group known for setting up a fake company to hire IT specialists under the disguise of penetration testing for its ransomware attack and hacking point-of-sale registers.<\/p><p>PRODAFT&rsquo;s Threat Intelligence (PTI) team has discovered the automated attack system, called Checkmarks, used by FIN7 to target vulnerable Exchange Servers.<\/p><p>Also known as <strong>Carbanak<\/strong>, the hacking group has more than 8147 victims across the world after scanning more than 1.8 million targets. The majority of its targets are located in the United States (16.7%) and other countries, such as the UK, China, Canada, Italy, and Germany.<\/p><p>The techniques used by the ransomware group have evolved over the years beyond their traditional social engineering, use of stolen credentials, and software supply chain compromise. &nbsp;<\/p><p>As per <a href=\"https:\/\/www.prodaft.com\/resource\/detail\/fin7-unveiled-deep-dive-notorious-cybercrime-gang\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><strong>PRODAFT report<\/strong><\/a>, &ldquo;Nowadays, its initial approach is to carefully pick high-value companies from the pool of already compromised enterprise systems and force them to pay large ransoms to restore their data or seek unique ways to monetize the data and remote access.&rdquo;<\/p><p>PRODAFT has also revealed additional details on FIN7&rsquo;s affiliations with other ransomware projects, its internal hierarchy, and the new SSH backdoor system they are using for stealing data from already compromised networks.&nbsp;<\/p><h2 class=\"wp-block-heading\" id=\"how-fin7-is-using-auto-attack-system-to-target-exchange-servers?\">How FIN7 is using Auto-Attack System to Target Exchange Servers?<\/h2><p>PRODAFT has recently discovered an auto-attack system called Checkmarks. The system is being used by the FIN7 ransomware gang as a scanner to scan multiple Remote Code Execution and privilege elevation Exchange vulnerabilities, such as ProxyShell (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207).<\/p><p>In June 2021, the ransomware gang used <strong>Checkmarks<\/strong> and various exploits, including publicly available PoCs and their custom code, to discover vulnerable Exchange Servers and gain access to the companies&rsquo; networks using web shells.<\/p><p>They are also using the Checkmarks platform&rsquo;s SQL injection module using SQLMap to find exploitable flaws on the target website.<\/p><p>Once the initial attack is carried out, the attack platform performs an automatic post-exploitation that includes steps, such as email extraction from the Activate Directory and Exchange Server information gathering.<\/p><p>The victims are automatically added to the Checkmarks central panel where the threat actors can check the additional details of the compromised network. The information is then scrutinized by FIN7&rsquo;s team, which lists the victims based on the firm size, financial status, current revenue, number of employees, headquarters details, etc. The information is used to determine whether the firm is worth its time and effort for a ransomware attack.<\/p><figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"515\" src=\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/details-of-the-victims-on-chainsmarks-1024x515.png\" alt=\"details of the victims on chainsmarks\" class=\"wp-image-118652 apply-gradient-on-post-images\" srcset=\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/details-of-the-victims-on-chainsmarks-1024x515.png 1024w, https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/details-of-the-victims-on-chainsmarks-300x151.png 300w, https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/details-of-the-victims-on-chainsmarks-768x387.png 768w, https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/details-of-the-victims-on-chainsmarks.png 1514w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Details of the Victims on Chainsmarks (Source: PRODAFT)<\/figcaption><\/figure><p>FIN7 maintains an SSH backdoor even after the ransom is paid by the ransomware victims. They use these SSH backdoors to sell access to other threat groups or to use them for new attacks in the future.<\/p><h2 class=\"wp-block-heading\" id=\"how-to-protect-your-exchange-organization?\">How to Protect your Exchange Organization?<\/h2><p>It is advised that you download and refer to the PRODAFT&rsquo;s report on FIN7 to know the Indicators of Compromise (IOCs) and how the financially motivated ransomware group is targeting your networks.<\/p><p>Also, keep your Exchange servers updated. <a href=\"https:\/\/www.stellarinfo.com\/article\/install-exchange-cumulative-updates.php\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Install the latest Exchange Server Cumulative Updates and Security patches<\/strong><\/a> released by Microsoft.<\/p><p>Refer to our previous blog to stay updated on the <strong><a href=\"https:\/\/www.stellarinfo.com\/blog\/microsoft-exchange-remote-code-execution-vulnerability-flaws-and-fixes\/\" target=\"_blank\" rel=\"noreferrer noopener\">new Microsoft Exchange remote code execution vulnerabilities, flaws, and fixes<\/a><\/strong>.&nbsp;<\/p><h2 class=\"wp-block-heading\" id=\"to-wrap-up\">To Wrap Up<\/h2><p>FIN7 is a highly active notorious cybercrime gang known for deploying backdoors in software supply chains, cooperating with other threat actors, and distributing malicious USB sticks. The attack group is continuously broadening its horizons for cybercrime and has recently added ransomware and SSH backdoor to its arsenal. The blog discussed how the FIN7 ransomware gang is using an auto-attack platform &ndash; Checkmarks &ndash; to target and infiltrate companies&rsquo; networks based on their size, financial status, revenue, etc. Their victims are mostly located in the US and other prominent countries. If you find or suspect that your Exchange Server is compromised, consider isolating the Exchange Server from the network and setting up a new server. Use an Exchange recovery tool, such as Stellar Repair for Exchange, to recover and restore user mailboxes from the compromised or failed Exchange Server or corrupt database to the new live Exchange Server.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>FIN7, a hacking group, is using an automated attack system to breach&hellip; <a class=\"more-link\" href=\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/\">Continue reading <span class=\"screen-reader-text\">FIN7 Ransomware Gang Targeting Vulnerable Exchange Servers with Automated-Attack System<\/span><\/a><\/p>\n","protected":false},"author":32,"featured_media":118649,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5298],"tags":[4200,4198,4199],"class_list":["post-118646","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ransomware","tag-exchange-servers-ransomware","tag-fin7-ransomware","tag-ransomware","entry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>FIN7 Ransomware Gang Targeting Vulnerable Exchange Servers with Automated-Attack System<\/title>\n<meta name=\"description\" content=\"Learn how FIN7 ransomware gang is using an auto-attack platform\u2013Checkmarks-to target and infiltrate companies&#039; networks and stealing data.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FIN7 Ransomware Gang Targeting Vulnerable Exchange Servers with Automated-Attack System\" \/>\n<meta property=\"og:description\" content=\"Learn how FIN7 ransomware gang is using an auto-attack platform\u2013Checkmarks-to target and infiltrate companies&#039; networks and stealing data.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"Stellar Data Recovery Blog\" \/>\n<meta property=\"article:author\" content=\"https:\/\/facebook.com\/raavisingh\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-23T11:50:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-21T04:09:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/FIN7-Ransomware-Gang-Targeting-Vulnerable-Exchange-Servers-with-Auto-Attack-System.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ravi Singh\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/ravi51ngh\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ravi Singh\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/\"},\"author\":{\"name\":\"Ravi Singh\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/7dea10d15c0307370e21d7da07d0cd11\"},\"headline\":\"FIN7 Ransomware Gang Targeting Vulnerable Exchange Servers with Automated-Attack System\",\"datePublished\":\"2022-12-23T11:50:40+00:00\",\"dateModified\":\"2024-08-21T04:09:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/\"},\"wordCount\":773,\"image\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/FIN7-Ransomware-Gang-Targeting-Vulnerable-Exchange-Servers-with-Auto-Attack-System.jpg\",\"keywords\":[\"Exchange Servers Ransomware\",\"FIN7 Ransomware\",\"Ransomware\"],\"articleSection\":[\"Ransomware\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/\",\"url\":\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/\",\"name\":\"FIN7 Ransomware Gang Targeting Vulnerable Exchange Servers with Automated-Attack System\",\"isPartOf\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/FIN7-Ransomware-Gang-Targeting-Vulnerable-Exchange-Servers-with-Auto-Attack-System.jpg\",\"datePublished\":\"2022-12-23T11:50:40+00:00\",\"dateModified\":\"2024-08-21T04:09:02+00:00\",\"author\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/7dea10d15c0307370e21d7da07d0cd11\"},\"description\":\"Learn how FIN7 ransomware gang is using an auto-attack platform\u2013Checkmarks-to target and infiltrate companies' networks and stealing data.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/#primaryimage\",\"url\":\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/FIN7-Ransomware-Gang-Targeting-Vulnerable-Exchange-Servers-with-Auto-Attack-System.jpg\",\"contentUrl\":\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/FIN7-Ransomware-Gang-Targeting-Vulnerable-Exchange-Servers-with-Auto-Attack-System.jpg\",\"width\":1000,\"height\":600,\"caption\":\"FIN7 Ransomware Gang Targeting Vulnerable Exchange Servers with Automated-Attack System\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.stellarinfo.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"FIN7 Ransomware Gang Targeting Vulnerable Exchange Servers with Automated-Attack System\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/#website\",\"url\":\"https:\/\/www.stellarinfo.com\/blog\/\",\"name\":\"Stellar Data Recovery Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.stellarinfo.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/7dea10d15c0307370e21d7da07d0cd11\",\"name\":\"Ravi Singh\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9e95cad83fe279b559794f62193f34300d01db8f9f2ec45ce529b7ecde3796ba?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9e95cad83fe279b559794f62193f34300d01db8f9f2ec45ce529b7ecde3796ba?s=96&d=mm&r=g\",\"caption\":\"Ravi Singh\"},\"description\":\"Ravi Singh is a Senior Writer at Stellar\u00ae. He is an expert Tech Explainer, IoT enthusiast, and a passionate nerd with over 7 years of experience in technical writing. He writes about Microsoft Exchange, Microsoft 365, Email Migration, Linux, Windows, Mac, DIY Tech, and Smart Home. Ravi spends most of his weekends working with IoT (DIY Smart Home) devices and playing Overwatch. He is also a solo traveler who loves hiking and exploring new trails.\",\"sameAs\":[\"https:\/\/stellarinfo.com\/blog\",\"https:\/\/facebook.com\/raavisingh\",\"https:\/\/instagram.com\/ravi.s1ngh\",\"https:\/\/linkedin.com\/in\/ravi-singh-5a65356a\/\",\"https:\/\/x.com\/https:\/\/twitter.com\/ravi51ngh\",\"https:\/\/youtube.com\/ravisingh9\"],\"url\":\"https:\/\/www.stellarinfo.com\/blog\/author\/ravi\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"FIN7 Ransomware Gang Targeting Vulnerable Exchange Servers with Automated-Attack System","description":"Learn how FIN7 ransomware gang is using an auto-attack platform\u2013Checkmarks-to target and infiltrate companies' networks and stealing data.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/","og_locale":"en_US","og_type":"article","og_title":"FIN7 Ransomware Gang Targeting Vulnerable Exchange Servers with Automated-Attack System","og_description":"Learn how FIN7 ransomware gang is using an auto-attack platform\u2013Checkmarks-to target and infiltrate companies' networks and stealing data.","og_url":"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/","og_site_name":"Stellar Data Recovery Blog","article_author":"https:\/\/facebook.com\/raavisingh","article_published_time":"2022-12-23T11:50:40+00:00","article_modified_time":"2024-08-21T04:09:02+00:00","og_image":[{"width":1000,"height":600,"url":"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/FIN7-Ransomware-Gang-Targeting-Vulnerable-Exchange-Servers-with-Auto-Attack-System.jpg","type":"image\/jpeg"}],"author":"Ravi Singh","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/ravi51ngh","twitter_misc":{"Written by":"Ravi Singh","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/#article","isPartOf":{"@id":"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/"},"author":{"name":"Ravi Singh","@id":"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/7dea10d15c0307370e21d7da07d0cd11"},"headline":"FIN7 Ransomware Gang Targeting Vulnerable Exchange Servers with Automated-Attack System","datePublished":"2022-12-23T11:50:40+00:00","dateModified":"2024-08-21T04:09:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/"},"wordCount":773,"image":{"@id":"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/FIN7-Ransomware-Gang-Targeting-Vulnerable-Exchange-Servers-with-Auto-Attack-System.jpg","keywords":["Exchange Servers Ransomware","FIN7 Ransomware","Ransomware"],"articleSection":["Ransomware"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/","url":"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/","name":"FIN7 Ransomware Gang Targeting Vulnerable Exchange Servers with Automated-Attack System","isPartOf":{"@id":"https:\/\/www.stellarinfo.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/#primaryimage"},"image":{"@id":"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/FIN7-Ransomware-Gang-Targeting-Vulnerable-Exchange-Servers-with-Auto-Attack-System.jpg","datePublished":"2022-12-23T11:50:40+00:00","dateModified":"2024-08-21T04:09:02+00:00","author":{"@id":"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/7dea10d15c0307370e21d7da07d0cd11"},"description":"Learn how FIN7 ransomware gang is using an auto-attack platform\u2013Checkmarks-to target and infiltrate companies' networks and stealing data.","breadcrumb":{"@id":"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/#primaryimage","url":"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/FIN7-Ransomware-Gang-Targeting-Vulnerable-Exchange-Servers-with-Auto-Attack-System.jpg","contentUrl":"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2022\/12\/FIN7-Ransomware-Gang-Targeting-Vulnerable-Exchange-Servers-with-Auto-Attack-System.jpg","width":1000,"height":600,"caption":"FIN7 Ransomware Gang Targeting Vulnerable Exchange Servers with Automated-Attack System"},{"@type":"BreadcrumbList","@id":"https:\/\/www.stellarinfo.com\/blog\/fin7-ransomware-gang-targeting-vulnerable-exchange-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.stellarinfo.com\/blog\/"},{"@type":"ListItem","position":2,"name":"FIN7 Ransomware Gang Targeting Vulnerable Exchange Servers with Automated-Attack System"}]},{"@type":"WebSite","@id":"https:\/\/www.stellarinfo.com\/blog\/#website","url":"https:\/\/www.stellarinfo.com\/blog\/","name":"Stellar Data Recovery Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.stellarinfo.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/7dea10d15c0307370e21d7da07d0cd11","name":"Ravi Singh","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/9e95cad83fe279b559794f62193f34300d01db8f9f2ec45ce529b7ecde3796ba?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9e95cad83fe279b559794f62193f34300d01db8f9f2ec45ce529b7ecde3796ba?s=96&d=mm&r=g","caption":"Ravi Singh"},"description":"Ravi Singh is a Senior Writer at Stellar\u00ae. He is an expert Tech Explainer, IoT enthusiast, and a passionate nerd with over 7 years of experience in technical writing. He writes about Microsoft Exchange, Microsoft 365, Email Migration, Linux, Windows, Mac, DIY Tech, and Smart Home. Ravi spends most of his weekends working with IoT (DIY Smart Home) devices and playing Overwatch. He is also a solo traveler who loves hiking and exploring new trails.","sameAs":["https:\/\/stellarinfo.com\/blog","https:\/\/facebook.com\/raavisingh","https:\/\/instagram.com\/ravi.s1ngh","https:\/\/linkedin.com\/in\/ravi-singh-5a65356a\/","https:\/\/x.com\/https:\/\/twitter.com\/ravi51ngh","https:\/\/youtube.com\/ravisingh9"],"url":"https:\/\/www.stellarinfo.com\/blog\/author\/ravi\/"}]}},"_links":{"self":[{"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/posts\/118646","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/comments?post=118646"}],"version-history":[{"count":11,"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/posts\/118646\/revisions"}],"predecessor-version":[{"id":172647,"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/posts\/118646\/revisions\/172647"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/media\/118649"}],"wp:attachment":[{"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/media?parent=118646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/categories?post=118646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/tags?post=118646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}