Following CISA's weekend updates on continuing Exchange server hacks, Microsoft is investigating the significant uptick in exploits just days before patches were released.
DearCry ransomware appends .CRYPT to forcibly encrypted files. (Source: Sophos)
Fresh ransomware targeting as-yet-unpatched on-premises Exchange servers appears to have been rushed to market, with attackers seeking to capitalize on new opportunities before the competition stepped in, security firm Sophos reports.
Sophos has published a teardown of the new DearCry ransomware, which it describes as being unsophisticated and apparently created by a beginner. The ransomware was first spotted in the wild on March 9.
DearCry exploits the critical ProxyLogon flaw in Microsoft Exchange email servers, one of four zero-day flaws Microsoft patched via software updates issued on March 2, when it warned that the flaws were already being exploited in the wild.
The Microsoft Exchange hack: Sharing bug intel is vital, but not without risk (scmagazine.com)
WASHINGTON: The sophisticated hacks pulled off by Russia and China against a broad array of government and industrial targets in the United States, and the failure of the intelligence agencies to detect them, are driving the Biden administration and Congress to rethink how the nation should protect itself from growing cyberthreats.
BankInfoSecurity, May 5, 2021
It has been an open question as to how a half-dozen hacking groups began exploiting Exchange servers in an automated fashion in the days leading up to Microsoft's patches. But there are strong signs that exploit code leaked, and the question now is: Who leaked it?
A Taiwanese computer security researcher indicated on Friday that exploit code he developed and privately shared with Microsoft in early January ended up in hostile hands.
It's an unsatisfactory prospect that how the Exchange exploit leak occurred may never be determined. But it may direct questions back to Microsoft as to whether the MAPP (Microsoft Active Protections Program) is still worth it.