Security News > 2021 > March > Hackers Are Targeting Microsoft Exchange Servers With Ransomware
Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week.
According to the latest reports, cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server flaws to install a new strain of ransomware called "DearCry."
"Microsoft observed a new family of human operated ransomware attack customers - detected as Ransom:Win32/DoejoCrypt.A," Microsoft researcher Phillip Misner tweeted.
"Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers."
Microsoft's security intelligence team, in a separate tweet, confirmed that it has begun "Blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers."
The avalanche of attacks should serve as a warning to patch all versions of the Exchange Server as soon as possible, while also take steps to identify signs of indicators of compromise associated with the hacks, given that the attackers were exploiting these zero-day vulnerabilities in the wild for at least two months before Microsoft released the patches on March 2.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/YNZgPucSGkw/icrosoft-exchange-ransomware.html
Related news
- Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware (source)
- FBI disrupts the Dispossessor ransomware operation, seizes servers (source)
- FBI Shuts Down Dispossessor Ransomware Group's Servers Across U.S., U.K., and Germany (source)
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Belarusian-Ukrainian Hacker Extradited to U.S. for Ransomware and Cybercrime Charges (source)
- Microsoft: August updates cause Windows Server boot issues, freezes (source)
- Microsoft: Exchange Online mistakenly tags emails as malware (source)
- Pioneer Kitten: Iranian hackers partnering with ransomware affiliates (source)
- Iranian hackers work with ransomware gangs to extort breached orgs (source)
- Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs (source)