Thursday, September 23, 2021

Attackers Targeting Unpatched Exchange Servers With DearCry Ransomware


Ransomware attackers are now targeting Exchange servers that haven’t received the patches that Microsoft released last week.

According to the latest reports, cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server flaws to install a new strain of ransomware called “DearCry.”

Microsoft is warning Exchange customers once again to apply the emergency patches it released last week for critical flaws affecting on-premises Exchange email servers.

Microsoft has issued an alert that hackers using a strain of ransomware known as DearCry are now targeting unpatched Exchange servers still exposed to four vulnerabilities that were being exploited by suspected Chinese government hackers.

“We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry,” Microsoft warned in a tweet. Ransom:Win32/DoejoCrypt.A is the name under which Microsoft’s Defender antivirus will detect the new threat.

In a joint advisory published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the agencies warned that “adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack.”

Microsoft added that customers who use Microsoft Defender antivirus with automatic updates don’t need to take additional action after patching the Exchange server.

Microsoft appears to be treating this set of Exchange bugs as urgent to fix, and last week provided further security updates to address these flaws in unsupported versions of Exchange.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc', Priyanshu Vijayvargiya is a cybersecurity analyst, information security professional, developer, and white hat hacker.
