Security News > 2021 > March > Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits
Threat actors are now installing a new ransomware called 'DEARCRY' after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities.
Since Microsoft revealed earlier this month that threat actors were compromising Microsoft Exchange servers using new zero-day ProxyLogon vulnerabilities, a significant concern has been when threat actors would use it to deploy ransomware.
Tonight our fears became a reality, and threat actors are using the vulnerabilities to install the DearCry ransomware.
On March 9, a victim also created a forum topic in the BleepingComputer forums where they state their Microsoft Exchange server was compromised using the ProxyLogon vulnerabilities, with the DearCry ransomware being the payload. After we broke the news about this attack, Microsoft security researcher Phillip Misner confirmed that the DearCry, or what they call DoejoCrypt, is installed in human-operated attacks using the new Microsoft Exchange exploits.
Microsoft observed a new family of human operated ransomware attack customers - detected as Ransom:Win32/DoejoCrypt.
A. Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers.
News URL
Related news
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)