Security News > 2021 > March > Hackers Are Targeting Microsoft Exchange Servers With Ransomware

Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week.

According to the latest reports, cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server flaws to install a new strain of ransomware called "DearCry."

"Microsoft observed a new family of human operated ransomware attack customers - detected as Ransom:Win32/DoejoCrypt.A," Microsoft researcher Phillip Misner tweeted.

"Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers."

Microsoft's security intelligence team, in a separate tweet, confirmed that it has begun "Blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers."

The avalanche of attacks should serve as a warning to patch all versions of the Exchange Server as soon as possible, while also take steps to identify signs of indicators of compromise associated with the hacks, given that the attackers were exploiting these zero-day vulnerabilities in the wild for at least two months before Microsoft released the patches on March 2.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/YNZgPucSGkw/icrosoft-exchange-ransomware.html