New ransomware now attacking Microsoft Exchange users

Just as security experts feared, multiple reports have now confirmed that threat actors are exploiting the Microsoft Exchange email server zero-day vulnerabilities to deliver ransomware.

Chinese state-sponsored threat actors known as Hafnium were the first to exploit the vulnerabilities. Security experts warned that more threat actors were bound to exploit the now-patched vulnerabilities, amidst news of ESET identifying over 5000 compromised Exchange servers.

It’s now being reported that several users from the US, Canada and Australia have submitted details about the DearCry ransomware being planted on their Exchange servers.

No end in sight

The details come from Michael Gillespie, who runs the ransomware identification site ID-Ransomware. On March 9 he noted the new submissions, which on review all turned out to come from Microsoft Exchange servers.

On the same day, a user on BleepingComputer’s forum boards shared details about the same DearCry ransomware attack on his Exchange servers using the now infamous Hafnium vulnerabilities.

Microsoft has now confirmed that the Exchange server vulnerabilities are indeed being exploited in human-operated attacks to deploy the DearCry ransomware. Human-operated attacks are more personalized and directed: they are conducted by humans who compromise a system’s security manually, instead of using a worm for mass attacks.

In a shocking revelation, Palo Alto Networks told BleepingComputer that while thousands of Exchange servers have been patched over the last few days, there are about 80,000 installations that are too old to directly apply the patches.

They also urge organizations to check their systems for signs of compromise even if they have applied the patches, since they believe the attackers had a free run for months before the vulnerabilities were fixed.

Via: BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
