Microsoft Exchange Exploits Pave a Ransomware Path (Security News, March 2021)
Cybercriminals are now using compromised Microsoft Exchange servers as a foothold to deploy a new ransomware family called DearCry, Microsoft has warned.
The ransomware is the latest threat to beleaguer vulnerable Exchange servers, emerging shortly after Microsoft issued emergency patches in early March for four Microsoft Exchange flaws.
"We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers," Microsoft said on Twitter on Thursday.
DearCry first appeared on the infosec community's radar on Thursday, when ransomware expert Michael Gillespie said he had observed a "Sudden swarm" of submissions to his ransomware identification website, ID-Ransomware.
Microsoft later confirmed that the ransomware was being launched by attackers using the four Microsoft Exchange vulnerabilities, known collectively as ProxyLogon, which are being tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.
MalwareHunterTeam said on Twitter that DearCry victims have been spotted in Australia, Austria, Canada, Denmark and the U.S., adding that the ransomware is "Not that very widespread." Thus far, three samples of the DearCry ransomware had been uploaded to VirusTotal on March 9.
News URL
https://threatpost.com/microsoft-exchange-exploits-ransomware/164719/
Related news
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts
- Akira and Fog ransomware now exploit critical Veeam RCE flaw
- Microsoft says more ransomware stopped before reaching encryption
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks
- Microsoft Exchange adds warning to emails abusing spoofing flaw
- Microsoft pulls Exchange security updates over mail delivery issues
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK (CVSS) |
|---|---|---|---|
| 2021-03-03 | CVE-2021-26855 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 (Microsoft Exchange Server Remote Code Execution Vulnerability) | 9.1 |
| 2021-03-03 | CVE-2021-26857 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server (Microsoft Exchange Server Remote Code Execution Vulnerability) | 7.8 |
| 2021-03-03 | CVE-2021-26858 | Unspecified vulnerability in Microsoft Exchange Server (Microsoft Exchange Server Remote Code Execution Vulnerability) | 7.8 |
| 2021-03-03 | CVE-2021-27065 | Path Traversal vulnerability in Microsoft Exchange Server 2013/2016/2019 (Microsoft Exchange Server Remote Code Execution Vulnerability) | 7.8 |