Microsoft massive email hack: Ransomware now targeting Microsoft Exchange vulnerabilities

(Image credit: Unsplash)

Microsoft Exchange has been under fire this week after several malicious groups targeted unpatched email server systems. Now things are only getting worse due to newly discovered ransomware known as "DearCry."

Hackers are reportedly targeting the Microsoft Exchange email server vulnerabilities with ransomware attacks, days after the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and cybersecurity researchers warned everyone about the extent of the potential threat.

Microsoft observed a new family of human operated ransomware attack customers – detected as Ransom:Win32/DoejoCrypt.A. Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers. #DearCry @MsftSecIntelMarch 12, 2021

Earlier this week, the global cyberattack hit 60,000 servers, including 30,000 US small businesses, towns, cities and local governments, and the European Banking Authority's email servers. While security researchers have been warning companies that use Microsoft Exchange to update their servers, several businesses are still under threat.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a statement this week to address the extent of the hack. "CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack."

While security researchers have published tools for detecting vulnerable servers, which can be found on Github, some proof-of-concept (PoC) codes have been taken down by Microsoft because even they are being actively exploited, as reported by The Hacker News.

The cyberattack continues

The cyberattack has recently hit even more companies, with cybersecurity firm Eset (via BBC) reporting that more than 500 Microsoft Exchange email servers in the UK have been hacked. With the extent of the hack, the UK's National Cyber Security Centre has now joined US authorities.

According to the report, the amount of hacking groups exploiting the vulnerabilities has increased, with 10 hacking groups suspected to be using the exploits to target companies in 115 different countries.

Attacks are expected to continue, with cybersecurity firms stating they're having to deal with more cases.

Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from washing machines designed for AirPods to the mischievous world of cyberattacks. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for gadgets into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang! and Exposed Magazine, Darragh started his career writing about the tech industry at Time Out Dubai and ShortList Dubai, covering everything from the latest iPhone models and Huawei laptops to massive Esports events in the Middle East. Now, he can be found proudly diving into gaming, gadgets, and letting readers know the joys of docking stations for Laptop Mag.