Skip to main content

Microsoft massive email hack: Ransomware now targeting Microsoft Exchange vulnerabilities

Microsoft Update
(Image credit: Unsplash)

Microsoft Exchange has been under fire this week after several malicious groups targeted unpatched email server systems. Now things are only getting worse due to newly discovered ransomware known as "DearCry."

Hackers are reportedly targeting the Microsoft Exchange email server vulnerabilities with ransomware attacks, days after the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and cybersecurity researchers warned everyone about the extent of the potential threat. 

See more

Earlier this week, the global cyberattack hit 60,000 servers, including 30,000 US small businesses, towns, cities and local governments, and the European Banking Authority's email servers. While security researchers have been warning companies that use Microsoft Exchange to update their servers, several businesses are still under threat.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a statement this week to address the extent of the hack. "CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack."

While security researchers have published tools for detecting vulnerable servers, which can be found on Github, some proof-of-concept (PoC) codes have been taken down by Microsoft because even they are being actively exploited, as reported by The Hacker News.

The cyberattack continues 

The cyberattack has recently hit even more companies, with cybersecurity firm Eset (via BBC) reporting that more than 500 Microsoft Exchange email servers in the UK have been hacked. With the extent of the hack, the UK's National Cyber Security Centre has now joined US authorities.

According to the report, the amount of hacking groups exploiting the vulnerabilities has increased, with 10 hacking groups suspected to be using the exploits to target companies in 115 different countries.

Attacks are expected to continue, with cybersecurity firms stating they're having to deal with more cases.