Ransomware targeting vulnerable Exchange servers is in circulation. Called DearCry, it exploits a known vulnerability and demands a bitcoin ransom to decrypt files. Companies are scrambling to apply patches, but hackers are stepping up their attacks. Microsoft stepped in to limit the damage.

Organizations around the world are scrambling to patch their Exchange servers after the appearance of ransomware exploiting a known vulnerability. This ransomware, dubbed DearCry, was detected after servers were compromised via this flaw.
The first incidents were reported as early as March 9, affecting servers in Australia, Canada and the USA. The cybercriminals are demanding ransoms in the form of bitcoin, with amounts of up to around 18,000 francs to decrypt the files. Microsoft confirmed the discovery of this new threat on Twitter.
Faced with the rapid spread of the attack, companies are rushing to apply patches. According to an analysis by Palo Alto, between March 8 and 11, 36% of vulnerable Exchange servers in Switzerland were secured. However, hackers continue to intensify their attacks, with the number of attempted exploits doubling every 2-3 hours, according to Check Point.
Microsoft has removed exploit code published on GitHub, highlighting the dangers of distributing it. This decision sparked debate: although the code could be useful to cybersecurity researchers, making it publicly available could facilitate attacks.
In short, companies are on high alert, but the threat persists, with hackers determined to exploit vulnerabilities, while patching and prevention efforts multiply.
Source: ICTjournal