Tortilla Gang Abusing ProxyShell Vulnerabilities to Spread Babuk
Cisco Talos red-flagged a new campaign by Tortilla, one of Babuk’s affiliates, that targets ProxyShell flaws in Exchange Server in an attempt to breach corporate networks. The gang demands a ransom of around $10,000 in Monero to decrypt the encrypted documents. More such attacks by Babuk or its affiliates are expected in the future.