Exchange servers first compromised by Chinese hackers hit with ransomware

by Dan Goodin, Ars Technica

(Image credit: Getty Images)

Organizations using Microsoft Exchange now have a new security headache: never-before-seen ransomware that's being installed on servers that were already infected by state-sponsored hackers in China.

Microsoft reported the new ransomware family late Thursday, saying it was being deployed after the initial compromise of servers. Microsoft's name for the new family is Ransom:Win32/DoejoCrypt.A. The more common name is DearCry.

We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry.

- Microsoft Security Intelligence (@MsftSecIntel), March 12, 2021

Piggybacking off Hafnium

Security firm Kryptos Logic said Friday afternoon that it has detected Hafnium-compromised Exchange servers that were later infected with ransomware. Kryptos Logic security researcher Marcus Hutchins told Ars that the ransomware is DearCry.

Source: Ars Technica - All content, RSS feed http://feeds.arstechnica.com/arstechnica/index (https://arstechnica.com/)