Security News > 2021 > March > No sign of Exchange-related ransomware hitting UK orgs, claims NCSC as it urges admins to scan for compromises
The UK's National Cyber Security Centre has reminded Brits to patch their Microsoft Exchange Server deployments against Hafnium attacks, 10 days after the US and wider infosec industry shouted the house down saying the same thing.
The agency told press on Friday afternoon that it had proactively helped UK organisations fix around 2,100 affected mailservers following last week's out-of-band patches to resolve four zero-day vulnerabilities in Exchange Server.
"The NCSC strongly advises all organisations using affected versions of Microsoft Exchange Servers to proactively search systems for evidence of compromise," said the GCHQ offshoot in a statement published this afternoon, expanding on brief public advice from 3 March.
On the bright side, rumours of ransomware engaging with webshells dropped by the likely-Chinese attackers behind the widespread compromise don't appear to be affecting the UK, at least as far as NCSC is aware.
The British cybersecurity agency urged sysadmins to upgrade on-prem and hosted Exchange deployments, per Microsoft's advice, and also to run Microsoft Safety Scanner, a Redmond malware seek-and-destroy tool.
We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers.
News URL
Related news
- Germany seizes 47 crypto exchanges used by ransomware gangs (source)
- Wherever There's Ransomware, There's Service Account Compromise. Are You Protected? (source)
- US sanctions crypto exchanges used by Russian ransomware gangs (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)