IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft warns of ransomware attacks as Exchange hack escalates

Defender researchers are attempting to block a ransomware strain known as DearCry

Large Microsoft sign on a show floor at Ignite 2019

Microsoft Exchange users are now being targeted by ransom-seeking hackers, according to the latest findings from Microsoft Defender researchers.

The popular email server had been hit by at least ten hacking groups, including Chinese state-backed cyber criminals, who had taken advantage of four zero-day vulnerabilities.

Security program manager Philip Misner reported on Thursday that Exchange users now also need to watch out for “human-operated ransomware attacks”, with the threat to customers escalating as a result.

The ransomware, also known as DearCry, is typical in its approach, preventing users from being able to use their PCs or access their data until a payment is sent to hackers, according to information outlined by Microsoft.

“We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers,” Microsoft’s Security Intelligence team informed its Twitter followers.

This follows reports that a proof-of-concept tool to hack Microsoft Exchange servers has been published on Microsoft-owned GitHub.

Vietnam-based independent security researcher Nguyen Jang is believed to have shared the first functional public proof-of-concept exploit for a group of vulnerabilities in Microsoft Exchange servers known as ProxyLogon, according to reports by The Record.

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

A GitHub spokesperson told Vice that although “the publication and distribution of proof of concept exploit code has educational and research value to the security community”, its “goal is to balance that benefit with keeping the broader ecosystem safe”.

“In accordance with our Acceptable Use Policies, we disabled the gist following reports that it contains proof of concept code for a recently disclosed vulnerability that is being actively exploited,” they added.

Although the code was removed from GitHub mere hours after, its publishing could have still exacerbated an already dire situation for Exchange users.

Among the hundreds of thousands of victims are high-profile and political organisations such as the Norwegian government, which earlier this week reported that it had data stolen as a result. Reuters reported that up to 60,000 networks remain vulnerable in Germany alone.

Microsoft has advised on-premises Exchange Server customers to prioritise the security updates outlined here.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022