Security News > 2021 > March > Hackers Are Targeting Microsoft Exchange Servers With Ransomware

Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week.
According to the latest reports, cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server flaws to install a new strain of ransomware called "DearCry."
"Microsoft observed a new family of human operated ransomware attack customers - detected as Ransom:Win32/DoejoCrypt.A," Microsoft researcher Phillip Misner tweeted.
"Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers."
Microsoft's security intelligence team, in a separate tweet, confirmed that it has begun "Blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers."
The avalanche of attacks should serve as a warning to patch all versions of the Exchange Server as soon as possible, while also take steps to identify signs of indicators of compromise associated with the hacks, given that the attackers were exploiting these zero-day vulnerabilities in the wild for at least two months before Microsoft released the patches on March 2.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/YNZgPucSGkw/icrosoft-exchange-ransomware.html
Related news
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese hackers abuse Microsoft APP-v tool to evade antivirus (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- US seizes domain of Garantex crypto exchange used by ransomware gangs (source)
- International cops seize ransomware crooks' favorite Russian crypto exchange (source)