Microsoft has issued a warning that it has discovered a “new family of ransomware” used to attack Exchange servers that have not yet been patched against recently discovered zero-day vulnerabilities.
The malware, which is capable of encrypting files and stealing data, has been dubbed DearCry. To protect against this type of attack, the developers recommend urgently installing a hotfix that was released a few days ago, which resolves several dangerous vulnerabilities in Exchange Server.
Recall that the dangerous vulnerabilities in Exchange became known at the beginning of this month. At that time, Microsoft accused the Chinese hacker group Hafnium of attacks on tens of thousands of organizations, during which these vulnerabilities were exploited. However, this week cybersecurity company ESET reported that at least ten hacker groups supported by governments worldwide are exploiting the vulnerabilities in Exchange.
According to available data, attackers have stepped up efforts to compromise vulnerable servers that have not yet received a patch, in order to inject the DearCry malware. “We have discovered and are now blocking a new family of ransomware that has been in use since the initial breach of on-premises Exchange servers that did not receive a fix. Microsoft protects against this threat, known as Ransom:Win32/DoejoCrypt.A or DearCry,” Microsoft said in a statement.
The developers also noted that customers who use Microsoft Defender antivirus and regularly install updates do not need to take any additional action other than installing a patch. This will be enough to protect your devices from attacks through vulnerabilities in Exchange.