New ransomware now attacking Microsoft Exchange users

Experts ask administrators to brace for more attacks

Just as security experts feared, multiple reports have now confirmed that threat actors are exploiting the Microsoft Exchange email server zero-day vulnerabilities to deliver ransomware.

Chinese state-sponsored threat actors known as Hafnium were the first to exploit the vulnerabilities. Security experts warned that more threat actors were bound to exploit the now-patched vulnerabilities, amidst news of ESET identifying over 5000 compromised Exchange servers.

It’s now being reported that several users from the US, Canada and Australia have submitted details about the DearCry ransomware being planted on their Exchange servers.

No end in sight

The details come from Michael Gillespie, who runs the ransomware identification site ID-Ransomware. On March 9 he noted the new submissions, which on review all turned out to be from Microsoft Exchange servers.

On the same day, a user on BleepingComputer’s forum boards shared details about the same DearCry ransomware attack on his Exchange servers using the now infamous Hafnium vulnerabilities.

Microsoft has now confirmed that the Exchange server vulnerabilities are indeed being exploited in human-operated attacks to deploy the DearCry ransomware. Human-operated attacks are more personalized and directed, conducted by humans who compromise a system’s security manually instead of using a worm for mass attacks.

In a shocking revelation, Palo Alto Networks told BleepingComputer that while thousands of Exchange servers have been patched over the last few days, there are about 80,000 installations that are too old to directly apply the patches.

They also urge organizations to check their systems for signs of compromise even if they have applied the patches, since they believe the attackers had a free run for months before the vulnerabilities were fixed.

Via: BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
