Security News > 2021 > March > Microsoft Exchange Exploits Pave a Ransomware Path
Cybercriminals are now using compromised Microsoft Exchange servers as a foothold to deploy a new ransomware family called DearCry, Microsoft has warned.
The ransomware is the latest threat to beleaguer vulnerable Exchange servers, emerging shortly after Microsoft issued emergency patches in early March for four Microsoft Exchange flaws.
"We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers," Microsoft said on Twitter, Thursday.
DearCry first came onto the infosec space's radar after ransomware expert Michael Gillespie on Thursday said he observed a "Sudden swarm" of submissions to his ransomware identification website, ID-Ransomware.
Microsoft later confirmed that the ransomware was being launched by attackers using the four Microsoft Exchange vulnerabilities, known collectively as ProxyLogon, which are being tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.
MalwareHunterTeam on Twitter said that victim companies of DearCry have been spotted in Australia, Austria, Canada, Denmark and the U.S. On Twitter, MalwareHunterTeam said the ransomware is "Not that very widespread." Thus far, three samples of the DearCry ransomware were uploaded to VirusTotal on March 9.
News URL
https://threatpost.com/microsoft-exchange-exploits-ransomware/164719/
Related news
- US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Microsoft investigates global Exchange Admin Center outage (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in six months (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Microsoft fixes Exchange Online bug flagging Gmail emails as spam (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-03 | CVE-2021-26855 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 0.0 |
| 2021-03-03 | CVE-2021-26857 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability | 0.0 |
| 2021-03-03 | CVE-2021-26858 | Unspecified vulnerability in Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability | 0.0 |
| 2021-03-03 | CVE-2021-27065 | Path Traversal vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 0.0 |