New DearCry Malware Found on About 7,000 Microsoft Exchange Servers

According to Microsoft, hackers are using a strain of ransomware identified as DearCry and are now threatening customers running unpatched Microsoft Exchange servers. The current targets are unpatched systems vulnerable to the four individual flaws allegedly abused by suspected Chinese government hackers.

According to the company, Microsoft Exchange Servers that have not been patched with the current security updates are at risk of infection with the “DearCry” ransomware.

“After an initial breach of unpatched on-premises Exchange Servers, we discovered and are now blocking a new family of ransomware.” Microsoft Security Intelligence tweeted on March 11 that it defends against the threat detected as Ransom:Win32/DoejoCrypt.A, as well as DearCry.

This new threat takes full advantage of the web shells or misconfigurations left behind by the Hafnium group, which exploited four zero-day Exchange Server flaws. As the Cybersecurity and Infrastructure Security Agency (CISA) describes it, a web shell is a script that can be uploaded to a compromised Microsoft Exchange Server to allow remote administration of the machine.

Initially, the attack was assumed to be aimed at broad espionage against industry and government, but hackers are already using the web shells to deploy ransomware.

Microsoft’s Exchange Servers Face More Security Problems as Threat Actors Get Busy: Patching Is Critical

In the aftermath of the Microsoft Exchange Server hack, Microsoft has since acknowledged further security problems. Malicious hackers can now use DearCry ransomware to infect on-premises Microsoft Exchange servers that have not been updated in the preceding days.

“Microsoft has discovered a growing number of human-operated ransomware attacks on customers… Human-operated ransomware attacks are using the Microsoft Exchange exploits to target customers.”

Microsoft stated that Defender customers who use automatic updates do not have to take any additional steps to receive the protection. However, Exchange Server customers should prioritize installing the necessary security updates.

What are the risks? Some Microsoft Exchange Server customers haven’t patched their environments yet, putting them in danger.

What are the consequences? In short, there is no way to say at this stage. According to SC Media, the primary motivation seems to be a Chinese espionage operation. However, one of the initial ten activity clusters was criminal, involving the installation of ransomware.

Beyond intelligence objectives, there is still a lot of danger for businesses and others. These flaws enable an attacker to read messages from an Exchange server without needing authentication or access to an individual’s email account. They can ultimately be used to take control of the email system.

Even though both Microsoft and security specialists worldwide have described the situation as severe and recommended urgent patching and scanning for the presence of web shells and other signs of compromise, many Microsoft Exchange users have yet to update their Exchange environments.

“If your organization’s Microsoft Exchange server login is accessible to the web and has not been modified with the latest updates or secured by a third-party program (such as Check Point)

Was there a leak? Microsoft is looking into the possibility of a leak.

Bloomberg reported that there may have been a leak that led to mass exploitation before Microsoft’s patch release date, despite Microsoft’s acknowledgment of that possibility.

“The Microsoft Exchange Server respondents, who weren’t allowed to talk on the record, said a breach, if there was one, could have originated from one of the corporation’s protection or government agencies, or independent scientists,” Bloomberg reported.

“It’s possible that the leak was intentional, or that it was part of a more significant breach of security.”

Microsoft has released a new package of Security Updates (SUs) for older (and no longer supported) Cumulative Updates (CUs). “Just because these notifications are available doesn’t mean you will not have to keep your ecosystem updated,” the company says.