Hackers dropping DearCry ransomware using Exchange Server exploit

Currently, there are over 80,000 servers exposed to DearCry ransomware – Microsoft has urged customers to install patches issued last week.

Just last week, Microsoft revealed that its Exchange email server was targeted by Chinese hackers, leaving 30,000 organizations across the globe at risk. These include the European Banking Authority (EBA), which has already acknowledged that hackers were in its email system.


Now, Microsoft has identified threat actors dropping DearCry ransomware on systems that have not been updated to the latest version, meaning their Exchange email servers are unpatched and still vulnerable to attacks.


Microsoft Alerts About DearCry Ransomware Strain


Microsoft has issued an alert to warn Exchange customers about a new ransomware strain dubbed DearCry. According to a tweet from Microsoft’s Security Intelligence team, hackers are targeting unpatched on-premises Exchange servers to deploy DearCry ransomware.


According to Microsoft, hackers are specifically targeting servers still exposed to the four vulnerabilities that Chinese state-sponsored hackers have been exploiting. The tweet is as follows:



“We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry.”



The previously detected Hafnium server hacks were espionage-motivated. ESET, conversely, reported that at least ten state-sponsored hacking groups were trying to exploit unpatched Exchange server flaws.

These include the Winnti Group, Tick, Calypso, L ..
