Microsoft Exchange Servers Are Being Targeted By DearCry Ransomware

Criminals use vulnerabilities in Exchange to infect organizations' mail servers with ransomware, Microsoft warns . Attackers manage to gain access to Exchange servers through vulnerabilities and then install the ransomware. Microsoft made security updates for the vulnerabilities available last week, but worldwide many tens of thousands of servers still appear to be unpatched.

For example, attackers can proliferate DearCry ransomware , which Microsoft refers to as DoejoCrypt . According to Microsoft's Phillip Misner , these are targeted ransomware attacks in which the attackers manually carry out the attack and install ransomware on the servers of affected organizations. Also, several security researchers show on Twitter that use the Exchange vulnerability to the spread of ransomware.

Organizations that have installed the security updates are called upon to check their servers for any backdoors. It is possible that attackers have already gained access to the servers before the patches were deployed and were thus able to install a backdoor. Patching Exchange servers will not remove these backdoors, which will keep attackers from accessing the servers. Microsoft Defender can now recognize and block DearCry ransomware.

Previous Post Next Post