Security News > 2021 > March > Microsoft Exchange Exploits Pave a Ransomware Path
Cybercriminals are now using compromised Microsoft Exchange servers as a foothold to deploy a new ransomware family called DearCry, Microsoft has warned.
The ransomware is the latest threat to beleaguer vulnerable Exchange servers, emerging shortly after Microsoft issued emergency patches in early March for four Microsoft Exchange flaws.
"We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers," Microsoft said on Twitter, Thursday.
DearCry first came onto the infosec space's radar after ransomware expert Michael Gillespie on Thursday said he observed a "Sudden swarm" of submissions to his ransomware identification website, ID-Ransomware.
Microsoft later confirmed that the ransomware was being launched by attackers using the four Microsoft Exchange vulnerabilities, known collectively as ProxyLogon, which are being tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.
MalwareHunterTeam on Twitter said that victim companies of DearCry have been spotted in Australia, Austria, Canada, Denmark and the U.S. On Twitter, MalwareHunterTeam said the ransomware is "Not that very widespread." Thus far, three samples of the DearCry ransomware were uploaded to VirusTotal on March 9.
News URL
https://threatpost.com/microsoft-exchange-exploits-ransomware/164719/
Related news
- Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in October (source)
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- China-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-03 | CVE-2021-26855 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 0.0 |
| 2021-03-03 | CVE-2021-26857 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability | 0.0 |
| 2021-03-03 | CVE-2021-26858 | Unspecified vulnerability in Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability | 0.0 |
| 2021-03-03 | CVE-2021-27065 | Path Traversal vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 0.0 |