Microsoft, assorted security researchers, and the US Federal Government are all warning that assailants are actively exploiting zero-day vulnerabilities in Exchange email servers to deliver ransomware.
Credit: AppleInsider
Microsoft on Thursday said that it had detected a new family of ransomware dubbed, DoejoCrypt.A or DearCry, being delivered via Exchange vulnerabilities. The attacks are using the same four vulnerabilities that were previously linked to Chinese-backed hacking group Hafnium. When chained together, the vulnerabilities allow an attacker to take full control of a compromised system.
Ransomware expert Michael Gillespie said vulnerable exchange servers in the U.S., Canada, and Australia had been hit with DearCry.
#Exchange Servers Possibly Hit With #Ransomware
-- Michael Gillespie (@demonslay335) March 11, 2021
ID Ransomware is getting sudden swarm of submissions with ".CRYPT" and filemarker "DEARCRY!" coming from IPs of Exchange servers from US, CA, AU on quick look. pic.twitter.com/wPCu2v6kVl
Microsoft has since confirmed that the server vulnerabilities were being used in human-operated ransomware attacks, which are much more targeted and directed. The new ransomware comes about a day after a security researcher briefly published proof-of-concept code exploiting the vulnerabilities to GitHub.
The vulnerabilities have since been fixed, but those fixes can't purge an attacker form an already compromised network. Additionally, Palo Alto Networks has told BleepingComputer that there are nearly 80,000 older servers that cannot be manually patched.
Federal authorities, including the FBI and the Cybersecurity and Infrastructure Agency, have said that the vulnerabilities pose a major risk to U.S. businesses. On March 6, reports suggested that the attack had affected more than 30,000 organizations.
Other than Hafnium itself, reports also indicate that other criminal hacking groups are piling on with their own attacks leveraging the vulnerabilities.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.