Microsoft Exchange users are now being targeted by ransom-seeking hackers, according to the latest findings from Microsoft Defender researchers.
The popular email server had been hit by at least ten hacking groups, including Chinese state-backed cyber criminals, who had taken advantage of four zero-day vulnerabilities.
Security program manager Philip Misner reported on Thursday that Exchange users now also need to watch out for “human-operated ransomware attacks”, with the threat to customers escalating as a result.
The ransomware, also known as DearCry, is typical in its approach, preventing users from being able to use their PCs or access their data until a payment is sent to hackers, according to information outlined by Microsoft.
“We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers,” Microsoft’s Security Intelligence team informed its Twitter followers.
This follows reports that a proof-of-concept tool to hack Microsoft Exchange servers has been published on Microsoft-owned GitHub.
Vietnam-based independent security researcher Nguyen Jang is believed to have shared the first functional public proof-of-concept exploit for a group of vulnerabilities in Microsoft Exchange servers known as ProxyLogon, according to reports by The Record.
RELATED RESOURCE
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisation
A GitHub spokesperson told Vice that although “the publication and distribution of proof of concept exploit code has educational and research value to the security community”, its “goal is to balance that benefit with keeping the broader ecosystem safe”.
“In accordance with our Acceptable Use Policies, we disabled the gist following reports that it contains proof of concept code for a recently disclosed vulnerability that is being actively exploited,” they added.
Although the code was removed from GitHub mere hours after, its publishing could have still exacerbated an already dire situation for Exchange users.
Among the hundreds of thousands of victims are high-profile and political organisations such as the Norwegian government, which earlier this week reported that it had data stolen as a result. Reuters reported that up to 60,000 networks remain vulnerable in Germany alone.
Microsoft has advised on-premises Exchange Server customers to prioritise the security updates outlined here.
-
Google CEO Sundar Pichai says vibe coding has made software development ‘exciting again’News Google CEO Sundar Pichai claims software development has become “exciting again” since the rise of vibe coding, but some devs are still on the fence about using AI to code.
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
15-year-old revealed as key player in Scattered LAPSUS$ Hunters
News 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
A notorious ransomware group is spreading fake Microsoft Teams ads to snare victimsNews The Rhysida ransomware group is leveraging Trusted Signing from Microsoft to lend plausibility to its activities
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
The number of ransomware groups rockets as new, smaller players emergeNews The good news is that the number of victims remains steady
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
