Security News > 2021 > March > New DEARCRY Ransomware is targeting Microsoft Exchange Servers
Threat actors are now installing a new ransomware called 'DEARCRY' after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities.
Since Microsoft revealed earlier this month that threat actors were compromising Microsoft Exchange servers using new zero-day ProxyLogon vulnerabilities, a significant concern has been when threat actors would use it to deploy ransomware.
Tonight our fears became a reality, and threat actors are using the vulnerabilities to install the DearCry ransomware.
On March 9, a victim also created a forum topic in the BleepingComputer forums where they state their Microsoft Exchange server was compromised using the ProxyLogon vulnerabilities, with the DearCry ransomware being the payload. After we broke the news about this attack, Microsoft security researcher Phillip Misner confirmed that the DearCry, or what they call DoejoCrypt, is installed in human-operated attacks using the new Microsoft Exchange exploits.
Microsoft observed a new family of human operated ransomware attack customers - detected as Ransom:Win32/DoejoCrypt.
A. Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers.
News URL
Related news
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in October (source)
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)
- One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)