A new ransomware called Dearcry exploits a security vulnerability in Microsoft Exchange servers to deploy a damaging attack, Microsoft said.
Microsoft and other security personnel said the ransomware Dearcry appeared on a server compromised by a Chinese hacker group.
Microsoft SecurityIntelligence tweeted, “We have detected the new ransomware on Exchange servers that have not yet been patched for vulnerabilities and are now successfully intercepted.”
Other researchers, including ID Ransomware founder Michael Gillespie, noted that the software triggered a new wave of ransomware attacks, causing computer systems to be encrypted and requiring users to pay a ransom.
This is the latest sign that Microsoft’s security vulnerability, announced this month, may become a variety of Hackers, cybercriminals and cyber espionage can take advantage of.
The media reported that Taiwan-based information security company DEVCORE discovered two new vulnerabilities as early as December last year and notified Microsoft on January 5. But on January 3 (two days before DEVCORE disclosed them to Microsoft), hackers began using one of the same security vulnerabilities to access Microsoft Exchange servers and hack into emails.
Sources familiar with the matter said Microsoft is investigating whether the hackers used Dave Koll’s notification to copy out a way to attack this vulnerability.
Recent Comments