Microsoft Exchange users are now being targeted by ransom-seeking hackers, according to the latest findings from Microsoft Defender researchers.
The popular email server had been hit by at least ten hacking groups, including Chinese state-backed cyber criminals, who had taken advantage of four zero-day vulnerabilities.
Security program manager Philip Misner reported on Thursday that Exchange users now also need to watch out for “human-operated ransomware attacks”, with the threat to customers escalating as a result.
The ransomware, also known as DearCry, is typical in its approach, preventing users from being able to use their PCs or access their data until a payment is sent to hackers, according to information outlined by Microsoft.
“We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers,” Microsoft’s Security Intelligence team informed its Twitter followers.
This follows reports that a proof-of-concept tool to hack Microsoft Exchange servers has been published on Microsoft-owned GitHub.
Vietnam-based independent security researcher Nguyen Jang is believed to have shared the first functional public proof-of-concept exploit for a group of vulnerabilities in Microsoft Exchange servers known as ProxyLogon, according to reports by The Record.
RELATED RESOURCE
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisation
A GitHub spokesperson told Vice that although “the publication and distribution of proof of concept exploit code has educational and research value to the security community”, its “goal is to balance that benefit with keeping the broader ecosystem safe”.
“In accordance with our Acceptable Use Policies, we disabled the gist following reports that it contains proof of concept code for a recently disclosed vulnerability that is being actively exploited,” they added.
Although the code was removed from GitHub mere hours after, its publishing could have still exacerbated an already dire situation for Exchange users.
Among the hundreds of thousands of victims are high-profile and political organisations such as the Norwegian government, which earlier this week reported that it had data stolen as a result. Reuters reported that up to 60,000 networks remain vulnerable in Germany alone.
Microsoft has advised on-premises Exchange Server customers to prioritise the security updates outlined here.
-
How AI coding is transforming the IT industry in 2025In-depth Discover how the IT industry is shifting to AI coding to transform how it builds, tests, and deploys its digital products
-
Everything we know about the Workday data breach so farNews HR technology firm Workday has confirmed a data breach after threat actors gained access to a third-party CRM platform.
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
-
Google cyber researchers were tracking the ShinyHunters group’s Salesforce attacks – then realized they’d also fallen victimNews In an update to an investigation on the ShinyHunters group, Google revealed it had also been affected
-
Nearly one-third of ransomware victims are hit multiple times, even after paying hackersNews Many ransomware victims are being hit more than once, largely thanks to fragmented security tactics
-
75% of UK business leaders are willing to risk criminal penalties to pay ransomsNews A ransom payment ban is a great idea - until you're the one being targeted...
-
The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employeesNews The group is using new ransomware variants and new social engineering techniques - including sneaking into corporate teleconferences
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crimeNews A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
