Vulnerabilities in versions of Exchange Server recently prompted Microsoft to release two patches to protect its customers from cyber threats. However, the move has sparked a real race among cybercriminals, who now use a new ransomware, DearCry, to attack companies that have not updated their servers, ZDNet points out.
Due to the increasing risk, the technology giant asks customers to install the updates immediately, even alerting them to the possibility that more advanced, state-backed schemes may emerge in the coming weeks and months. According to ESET, at least 10 malicious groups are linked to Chinese authorities.
“We have detected and are now blocking a new family of ransomware used after an initial unpatched local Exchange Server compromise. Microsoft offers protection against the Ransom:Win32/DoejoCrypt.A threat, also known as DearCry,” the company said in a tweet, adding that those who receive automatic updates are already protected.
It is not just the company that is concerned about the case, since the United States Department of Homeland Security has ordered all state agencies to act against DearCry, even directing, if necessary, the shutdown of servers.
Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 are potential targets. Exchange Online is not. According to independent security researchers, companies in Canada, Denmark, the United States, Australia and Austria suffered the consequences of the problem, only on March 9 – seven days after the last patch was released.
Finally, the North American entity strongly recommends running the Test-ProxyLogon.ps1 script as soon as possible, which will assist in the detection of compromised systems.