Cyber crooks are targeting organisations with ransomware through security vulnerabilities in the Microsoft Exchange Server software that businesses employ for setting up company emails.
We previously published a post about the Microsoft Exchange Server hack that was originally discovered in January 2021. Hacking group Hafnium, allegedly tied to the Chinese government, began exploiting a series of vulnerabilities in the Microsoft Exchange Server software which hundreds of thousands of businesses around the world use for their email capabilities.
Microsoft released security patches for the vulnerabilities in early March, but getting so many organisations to apply those patches – especially organisations with older servers – is proving to be an arduous task.
The problem is that once Microsoft releases emergency security patches outside the normal security update cycle, this effectively acts as a bullhorn, alerting cyber crooks far and wide to the existence of some presumably serious security vulnerabilities. These crooks know that many organisations will be slow to apply the security patches. And so a race begins between the cyber crooks looking to exploit the security vulnerabilities and the organisations trying to deploy the security patches before they are hit.
Perhaps predictably, the crooks seem to be winning this race. A number of different hacker groups have been attacking businesses using affected versions of the Exchange Server software. And now, again predictably, cyber crooks are using the security vulnerabilities to infect devices inside an organisation’s network with ransomware, the new go-to malware crooks use to make some fast cash.
The ransomware, dubbed DearCry, does what ransomware does best: it encrypts files on a device or network and demands a ransom, paid in crypto-currency, in exchange for a decryption key to recover the files. The even worse news is that the encryption technique appears to be strong, and there is currently no “good guy” tool available to decrypt files affected by DearCry (and it’s possible there never will be).
Organisations using the on-premises version of Microsoft Exchange Server are advised to patch as soon as possible (more information from Microsoft is here). Organisations should also ensure they have a reliable, real-time backup solution in place, so that if ransomware does come visiting, deciding whether to pay good money to bad cyber crooks never becomes a decision they have to make.