Crooks installing ransomware using Microsoft Exchange Server vulnerabilities

ByCraig Haley

Cyber crooks are targeting organisations with ransomware through security vulnerabilities in the Microsoft Exchange Server software that businesses employ for setting up company emails.

We previously published a post about the Microsoft Exchange Server hack that was originally discovered in January 2021. Hacking group Hafnium, allegedly tied to the Chinese government, began exploiting a series of vulnerabilities in the Microsoft Exchange Server software which hundreds of thousands of businesses around the world use for their email capabilities.

Microsoft released security patches for the vulnerabilities in early March, but getting so many organisations to apply those patches – especially organisations with older servers – is proving to be an arduous task.

The problem is that once Microsoft release emergency security patches outside the normal security update cycle, this effectively acts as a bullhorn, alerting cyber crooks far and wide to the existence of some presumably serious security vulnerabilities. These crooks know that many organisations will be slow to uptake the security patches. And so a race begins between the cyber crooks looking to exploit the security vulnerabilities before all organisations get a chance to deploy the security patches.


Sponsored Content. Continued below...




Perhaps predictably the crooks seem to be winning this race. A number of different groups hackers have been attacking businesses using affected versions of the Exchange Server software. And now, again predictably, cyber crooks are now using the security vulnerabilities to infect devices inside an organisation’s network with ransomware, the new go-to malware crooks use to make some fast cash.

The ransomware, dubbed DearCry, does what ransomware does best. Encrypts files on a device or network and demands a ransom to be paid through crypto-currency in order to obtain a decryption key to recover the files. And the even more bad news is that the encryption technique appears to be strong, and there is currently no “good guy” tool available to decrypt files affected by DearCry (and it’s possible there never will be.)

Organisations using the on-premises version of Microsoft Exchange Server are advised to patch as soon as possible (more information from Microsoft is here.) Organisations should also ensure they have a reliable, real time back-up solution in place, so if ransomware does come visiting, opting whether to pay good money to bad cyber crooks never becomes a decision they’ll ever have to make.

Keep up-to-date with all our latest articles. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)