A strain of ransomware called DearCry is being used to target unpatched Exchange servers.
Microsoft has released patches for Exchange servers, but some organizations have not patched systems yet.
Check Point Research reports that exploitation attempts doubled every 2-3 hours over a recent 24-hour period.
While Microsoft has rolled out emergency patches to address vulnerabilities on its Exchange server software, many systems remain unpatched. Attackers are now increasingly going after unpatched systems. A strain of ransomware called DearCry is being utilized by attackers to target unpatched on-premises Exchange servers (via ZDNet).
Microsoft has detected and is now blocking the new family of ransomware, but it's still vital for organizations to patch their servers and take other security measures.
Source: Microsoft, Bleeping Computer
Ransomware-wielding attackers have begun to exploit a serious proxy-logon flaw in unpatched versions of Microsoft Exchange running on premises, Microsoft reports. Hackers have exploited the flaw to access vulnerable servers, crypto-lock files and demand a ransom from victims in return for the promise of a decryption tool.
News of the attack campaign follows Microsoft on March 2 issuing emergency patches to fix four zero-day flaws in Microsoft Exchange, which is one of the most widely used pieces of IT infrastructure in the world. "Because we are aware of active exploits of related vulnerabilities in the wild," Microsoft said in its March 2021 Exchange Server Security Updates alert, which it continues to update, "our recommendation is to install these updates immediately to protect against these attacks."
No sign of Exchange-related ransomware hitting UK orgs, claims NCSC as it urges admins to scan for compromises (theregister.com)
Exchange Hafnium Attackers Now Using Ransomware
Another reason to patch early and patch often: The Exchange Server zero-day vulnerabilities Microsoft first disclosed earlier this month are now being used in ransomware.
As Microsoft disclosed on March 2, the vulnerabilities enable attackers to access e-mail accounts and install leave-behind malware. Microsoft has issued out-of-band patches for the vulnerabilities in Exchange Server 2019 and Exchange Server 2016.
The Microsoft Threat Intelligence Center (MSTIC) attributed the campaign to a state-sponsored group it calls Hafnium that operates out of China and primarily targets entities in the United States. The initial focus was on pre-patch/pre-discovery attacks, as well as an acceleration in post-patch activity as attackers raced to beat the patches.