Recent reports indicate that several Microsoft Exchange email servers have been infected with ransomware known as DearCry after vulnerabilities in the servers were exploited. Exploitation of the Exchange servers began in January, and the issues were not disclosed until March 3rd. The vulnerabilities were exploited by Chinese threat actors known as Hafnium. The Wall Street Journal estimated the number of victims at about 250,000 or more.
The hack will probably stand out as one of the top cybersecurity events of the year, since Exchange is still widely used around the world. It could lead companies to spend more on cybersecurity, and encourage organizations to migrate to cloud-based email instead of running their own servers in-house.
Microsoft is urging customers to install the security patches that were released last week. Information has also been released to help customers identify if their networks have been affected.
"Because we are aware of active exploits of related vulnerabilities in the wild (limited targeted attacks), our recommendation is to install these updates immediately to protect against these attacks," stated Microsoft.
John Hultquist, vice president of analysis at FireEye’s Mandiant threat intelligence unit, said he anticipates more ransomware groups trying to cash in.
“Though many of the still unpatched organizations may have been exploited by cyber espionage actors, criminal ransomware operations may pose a greater risk as they disrupt organizations and even extort victims by releasing stolen emails,” said Hultquist.
What is Ransomware?
Ransomware is a type of malware that locks the data on your computer, typically by encrypting it. The attackers usually demand payment to decrypt the data and return access to you, which leaves those affected in a difficult situation. Attackers who use ransomware are often motivated by financial gain. Moreover, payment is often demanded in a virtual currency such as Bitcoin, so that the identity of the cyber-criminals stays hidden.
How can you Avoid Ransomware?
To protect against ransomware and other types of cyberattacks, experts suggest that users follow certain practices, including:
- Regular Updates: It is recommended to keep your browser, system and software updated regularly.
- Use a Strong Security Solution: You should use a strong security solution that provides detection, response and removal capabilities across your entire network.
- Backup Your Data: You should also back up your data to a separate disk. If your data is in the cloud, you can reformat the disk and restore the data from previous backups.