New strain of ransomware exploits Microsoft Exchange security hole

A new strain of ransomware that exploits vulnerabilities discovered on Microsoft Exchange servers could lead to dire consequences, say security researchers

A new strain of ransomware has emerged that exploits a security hole in Microsoft Exchange servers, signaling potentially damaging consequences of a high-profile hack.

Microsoft and other security researchers said the new ransomware dubbed “DearCry” was appearing on servers affected by the breach attributed to a group of Chinese hackers.

“We have detected and are now blocking a new family of ransomware that is being used after an initial compromise of uncorrected local Exchange servers,” said a tweet from Microsoft Security Intelligence.

Other researchers, including Michael Gillespie, founder of the ID Ransomware service, observed the new strain of malware on Thursday, which could lead to a new wave of ransomware attacks that encrypt computer systems and seek to extract payments from operators.

This is the latest sign that the security breach that went public this month could open the door for a variety of hackers, cybercriminals and cyber-espionage operators.

“While it is easy to fix the problem to avoid compromises, fixing any system that has already been compromised will not be,” said Brent Callow of security company Emsisoft.

“At this point, it is absolutely critical that governments quickly come up with a strategy to help organizations protect their Exchange servers and remedy any compromises before an already bad situation becomes even worse.”

Earlier this week, the FBI and the Department of Homeland Security warned that the Exchange server vulnerability could be exploited for nefarious purposes.

A joint statement from the agencies said that “adversaries can exploit these vulnerabilities to compromise networks, steal information, encrypt data for rescue or even carry out a destructive attack”.

The DHS Cybersecurity and Infrastructure Agency has been pushing for patching networks in both government and the private sector.

The potentially devastating hack, which is believed to have affected at least 30,000 Microsoft email servers, comes just months after revelations that Russia was probably behind the massive SolarWinds hack that shook government and corporate security this past year.

The two incidents increase pressure on the Biden government, which is considering hacking options or other measures to protect cyberspace.

© 2021 AFP

Citation: New strain of ransomware exploits the Microsoft Exchange security hole (2021, March 12) retrieved on March 13, 2021 at exchange.html

