Ransomware attackers are now targeting Exchange servers that haven’t received the patches that Microsoft released last week.
According to the latest reports, cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server flaws to install a new strain of ransomware called “DearCry.”
Microsoft is warning Exchange customers once again to apply the emergency patches it released last week for critical flaws affecting on-premise Exchange email servers.
Microsoft has issued an alert that hackers using a strain of ransomware known as DearCry are now targeting unpatched Exchange servers still exposed to four vulnerabilities that were being exploited by suspected Chinese government hackers.
“We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom: Win32/DoejoCrypt.A, and also as DearCry,” Microsoft warned in a tweet. Ransom:Win32/DoejoCrypt.A is the name under which Microsoft’s Defender antivirus will detect the new threat.
In a joint advisory published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the agencies warned that “adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack.”
Microsoft added that customers using Microsoft Defender antivirus that use automatic updates don’t need to take additional action after patching the Exchange server.
Microsoft appears to be treating this set of Exchange bugs as an urgent one to fix and last week provided further security updates to address the flaw in unsupported versions of Exchange.