Hackers are now installing Ransomware using Hafnium Exchange Server exploit


The original Hafnium server hacks were likely espionage-motivated, but the predicted second wave, clearly driven by criminal intent, has now started.

Microsoft has confirmed that hackers are attacking unpatched Exchange servers and, on some occasions, installing the DearCry ransomware.

The DearCry ransomware then attempts to prevent Windows Update from running and installing a fix for the vulnerability. Next, it encrypts your files and delivers a ransom note to your desktop.

While Microsoft released a patch more than 10 days ago, Palo Alto Networks noted that 80,000 older servers are still unpatched.

“I’ve never seen security patch rates this high for any system, much less one as widely deployed as Microsoft Exchange,” said Matt Kraning, Chief Technology Officer, Cortex at Palo Alto Networks. “Still, we urge organizations running all versions of Exchange to assume they were compromised before they patched their systems, because we know attackers were exploiting these zero-day vulnerabilities in the wild for at least two months before Microsoft released the patches on March 2.”

via BleepingComputer
