Login

***tarekma7*** · 03-12-2021 , 04:13 PM

Quote:Threat actors are now installing a new ransomware called 'DEARCRY' after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities.

Since Microsoft revealed earlier this month that threat actors were compromising Microsoft Exchange servers using new zero-day ProxyLogon vulnerabilities, a significant concern has been when threat actors would use it to deploy ransomware.

Unfortunately, tonight our fears became a reality, and threat actors are using the vulnerabilities to install the DearCry ransomware.

The DearCry ransomware

According to Michael Gillespie, the creator of the ransomware identification site ID-Ransomware, starting on March 9, users began submitting a new ransom note and encrypted files to his system.

After reviewing the submissions, Gillespie discovered that users submitted almost all of them from Microsoft Exchange servers.

On March 9, a victim also created a forum topic in the BleepingComputer forums where they state their Microsoft Exchange server was compromised using the ProxyLogon vulnerabilities, with the DearCry ransomware being the payload.

Continue reading HERE

Login
Username:
Password:	Lost Password?
	Remember me

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Ransomware: the most high-profile attacks of 2023 Kaspersky Blog	mrtrout	0	1,228	02-20-2024 , 11:59 PM Last Post: mrtrout
	Over 640 Citrix servers backdoored with web shells in ongoing attacks	mrtrout	0	940	08-03-2023 , 07:56 PM Last Post: mrtrout
	Ransomware gang uses new Microsoft Exchange exploit to breach servers	*tarekma7*	0	768	12-21-2022 , 09:00 AM Last Post: *tarekma7*
	The Week in Ransomware - July 22nd 2022 - Attacks abound	mrtrout	0	854	07-24-2022 , 03:00 AM Last Post: mrtrout
	US Sanctions Cryptocurrency Exchange SUEX for Aiding Ransomware Gangs	mrtrout	0	762	09-23-2021 , 08:11 PM Last Post: mrtrout