No sign of Exchange-related ransomware hitting UK orgs, claims NCSC as it urges admins to scan for compromises

The UK's National Cyber Security Centre has reminded Brits to patch their Microsoft Exchange Server deployments against Hafnium attacks, 10 days after the US and wider infosec industry shouted the house down saying the same thing.


The agency told press on Friday afternoon that it had proactively helped UK organisations fix around 2,100 affected mailservers following last week's out-of-band patches to resolve four zero-day vulnerabilities in Exchange Server. Those flaws were being exploited by China-based malefactors to steal data from vulnerable deployments.

"The NCSC strongly advises all organisations using affected versions of Microsoft Exchange Servers to proactively search systems for evidence of compromise," said the GCHQ offshoot in a statement published this afternoon, expanding on brief public advice from 3 March.


On the bright side, rumours of ransomware engaging with webshells dropped by the likely-Chinese attackers behind the widespread compromise don't appear to be affecting the UK, at least as far as NCSC is aware.

The British cybersecurity agency urged sysadmins to upgrade on-prem and hosted Exchange deployments, per Microsoft's advice, and also to run Microsoft Safety Scanner, a Redmond malware seek-and-destroy tool.



We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt. ..