Microsoft has recently issued an alert that hackers are using a strain of ransomware known as DearCry to target users with unpatched Microsoft Exchange servers. The current targets are unpatched servers exposed to the four vulnerabilities that were reportedly being exploited by suspected Chinese government hackers.
The company is again warning its Exchange customers to apply the emergency patches it released just last week to cover the critical flaws affecting on-premise Microsoft Exchange email servers. Microsoft previously urged its customers to install the patches as soon as they came out on March 2, because of the risk that more cybercriminals and state-backed hackers could exploit the flaws in the upcoming weeks and months.
According to an article by ZDNet, existing attacks were reportedly being carried out by a Chinese hacking group known as Hafnium. Security vendor ESET, however, reported that there could be at least 10 different state-backed hacking groups now attempting to exploit these flaws in unpatched Microsoft Exchange servers.
Cybercriminals are now also trying to feed off the Exchange bugs. On Friday, March 12, ransomware attackers were spreading a strain called DearCry, which they try to install after compromising Microsoft Exchange servers.
Microsoft issued a tweet warning its users that it had detected a new family of ransomware, and was now trying to block it, being used after an initial compromise of unpatched on-premises Microsoft Exchange servers. The tweet identified the threat as Ransom:Win32/DoejoCrypt.A, or DearCry.
Microsoft also added that customers using Microsoft Defender antivirus with automatic updates won't need to take additional action after patching the Microsoft Exchange server. Microsoft is treating this set of bugs as very urgent and in need of fixing as soon as possible. Last week, Microsoft provided further security updates to address the flaw in previous, unsupported versions of Microsoft Exchange.
Attackers were reportedly using the bugs to attack Exchange servers and deploy malicious web shells in order to steal data and maintain access to the servers even after the initial compromise. Web shells are small scripts that provide a basic interface for remote access to a compromised system.
Microsoft has released a script on GitHub, its own code-sharing website, that admins can use to check for the presence of web shells on Microsoft Exchange servers. According to an article by Ars Technica, even worse news is that never-before-seen ransomware is being installed on thousands of servers infected by the supposed state-sponsored Chinese hackers. Kryptos Logic recently tweeted that there were 6970 exposed webshells.
This article is owned by Tech Times
Written by Urian Buenconsejo