Microsoft Exchange Exploits Pave a Ransomware Path
Cybercriminals are now using compromised Microsoft Exchange servers as a foothold to deploy a new ransomware family called DearCry, Microsoft has warned.
The ransomware is the latest threat to beleaguer vulnerable Exchange servers, emerging shortly after Microsoft issued emergency patches in early March for four Microsoft Exchange flaws.
"We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers," Microsoft said on Twitter, Thursday.
DearCry first came onto the infosec community's radar after ransomware expert Michael Gillespie said on Thursday that he had observed a "sudden swarm" of submissions to his ransomware identification website, ID-Ransomware.
Microsoft later confirmed that the ransomware was being launched by attackers using the four Microsoft Exchange vulnerabilities, known collectively as ProxyLogon, which are being tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.
MalwareHunterTeam said on Twitter that DearCry victims have been spotted in Australia, Austria, Canada, Denmark and the U.S., adding that the ransomware is "not that very widespread." Thus far, three samples of the DearCry ransomware have been uploaded to VirusTotal, on March 9.
News URL: https://threatpost.com/microsoft-exchange-exploits-ransomware/164719/
Related news
- Microsoft: Exchange Online mistakenly tags emails as malware
- New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials
- BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave
- Threat Actors Exploit Microsoft Sway to Host QR Code Phishing Campaigns
- Ransomware gangs now abuse Microsoft Azure tool for data theft
- Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware
- Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector
- Germany seizes 47 crypto exchanges used by ransomware gangs
- US sanctions crypto exchanges used by Russian ransomware gangs
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK (CVSS score) |
|---|---|---|---|
| 2021-03-03 | CVE-2021-26855 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019; Microsoft Exchange Server Remote Code Execution Vulnerability | 9.1 |
| 2021-03-03 | CVE-2021-26857 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server; Microsoft Exchange Server Remote Code Execution Vulnerability | 7.8 |
| 2021-03-03 | CVE-2021-26858 | Unspecified vulnerability in Microsoft Exchange Server; Microsoft Exchange Server Remote Code Execution Vulnerability | 7.8 |
| 2021-03-03 | CVE-2021-27065 | Path Traversal vulnerability in Microsoft Exchange Server 2013/2016/2019; Microsoft Exchange Server Remote Code Execution Vulnerability | 7.8 |