For the past two weeks, the cybersecurity news has been dominated by stories about the Microsoft Exchange ProxyLogon vulnerabilities. One overriding concern has been when ransomware actors would use the vulnerabilities to compromise and encrypt mail servers.
Unfortunately, last night our fears became a reality after ID-Ransomware creator Michael Gillespie revealed that the new DearCry Ransomware targeted Microsoft Exchange servers.
After BleepingComputer broke the DearCry ransomware story, Microsoft confirmed that the ransomware was being installed on servers compromised by the ProxyLogon exploits.
If you run a Microsoft Exchange server, you must take the OWA component offline or patch the server. In addition to applying patches, admins should also perform a complete offline backup of the server to prevent it from being encrypted if already compromised.
While the DearCry/Exchange news is big enough, there has also been other news this week.
At the beginning of the week, we broke the story that the REvil ransomware operation plans to DDoS victims and call their business partners to further pressure victims into paying.
The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victims’ business partners to generate ransom payments.
US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January.
Late last October, when the U.S. government warned of an imminent ransomware threat to the country’s hospitals and healthcare providers, many in the industry had a similar reaction: they paused, took a deep breath, and braced for impact.
The systems of SEPE, the Spanish government agency for labor, were taken down following a ransomware attack that hit more than 700 agency offices across Spain.
3xp0rt found a post on a Russian-speaking hacker forum where threat actors announced the new DarkSide 2.0 ransomware. This version allegedly includes faster encryption and features.
Threat actors are now installing a new ransomware called ‘DEARCRY’ after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities.