{"id":46052,"date":"2021-03-25T03:04:00","date_gmt":"2021-03-25T07:04:00","guid":{"rendered":"http:\/\/blog.cybercon1.com\/?p=46052"},"modified":"2021-03-25T03:04:00","modified_gmt":"2021-03-25T07:04:00","slug":"dearcry-ransomware-unleashed-in-microsoft-exchange-hack","status":"publish","type":"post","link":"https:\/\/blog.cyberconservices.com\/index.php\/2021\/03\/25\/dearcry-ransomware-unleashed-in-microsoft-exchange-hack\/","title":{"rendered":"DearCry Ransomware Unleashed In Microsoft Exchange Hack"},"content":{"rendered":"\n<p>Not that this is real news to anyone paying attention to tech, but it is not just about the hack.  The real point here is there are far too many servers out there that cannot be patched because they are too old.  Unfortunately, many organizations look on IT infrastructure as a buy-and-forget proposition.  Until something crashes they do not see the value in investing additional resources for maintenance and will not replace the hardware until it goes belly up.  This short-sighted approach only allows hacks like this one to have a greater impact than they would with appropriate hardware and OS refresh cycles, proper maintenance and, of course, endpoint security.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignright size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.pixabay.com\/photo\/2020\/06\/12\/19\/02\/artificial-intelligence-5291510__340.jpg\" alt=\"\" width=\"857\" height=\"284\"\/><\/figure><\/div>\n\n\n\n<p>Adversaries are deploying DearCry <strong>ransomware<\/strong> on victim systems after hacking into on-premise Microsoft <strong>Exchange <\/strong>servers that remain unpatched, Microsoft acknowledged late Thursday.<\/p>\n\n\n\n<p>\u201cMicrosoft observed a new family of human operated ransomware attack customers,\u201d Microsoft Security Program Manager Phillip Misner tweeted at 9:19 p.m. ET Thursday. 
\u201cHuman operated ransomware attacks are utilizing the Microsoft <strong>Exchange<\/strong> vulnerabilities to exploit customers.\u201d<\/p>\n\n\n\n<p>Misner\u2019s tweet came less than two hours after BleepingComputer reported that threat actors were taking advantage of new zero-day ProxyLogon&nbsp;<a href=\"https:\/\/www.crn.com\/news\/security\/microsoft-exchange-server-attacked-by-chinese-hackers\">vulnerabilities in Microsoft <strong>Exchange<\/strong> servers<\/a>&nbsp;to install the DearCry ransomware. Microsoft Defender customers who receive automatic updates are now protected against this <strong>ransomware<\/strong> without having to take any action, according to Microsoft Security Intelligence.<\/p>\n\n\n\n<p>\u201cWe have detected and are now blocking a new family of <strong>ransomware <\/strong>being used after an initial compromise of unpatched on-premises <strong>Exchange<\/strong> Servers,\u201d Microsoft Security Intelligence tweeted at 11:53 p.m. ET Thursday. \u201cMicrosoft protects against this threat known as \u2026 DearCry.\u201d  <a href=\"https:\/\/www.google.com\/url?rct=j&amp;sa=t&amp;url=https:\/\/www.crn.com\/news\/security\/dearcry-ransomware-unleashed-in-microsoft-exchange-hack&amp;ct=ga&amp;cd=CAEYACoTMzMxNjU2MzE1MTU1MzE1NDAzODIaZjk1ZDdkNTc3NTkyZGUyMTpjb206ZW46VVM&amp;usg=AFQjCNFsXzrw50HEEvOzKGcMeZqzIPsO2Q\">Read On:<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Not that this is real news to anyone paying attention to tech, but it is not just about the hack. 
The real point here is there are far too many servers out there that cannot be patched because they are too <span class=\"excerpt-dots\">&hellip;<\/span> <a class=\"more-link\" href=\"https:\/\/blog.cyberconservices.com\/index.php\/2021\/03\/25\/dearcry-ransomware-unleashed-in-microsoft-exchange-hack\/\"><span class=\"more-msg\">Continue reading &rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[12,636],"tags":[183,637],"class_list":["post-46052","post","type-post","status-publish","format-standard","hentry","category-exchange","category-ransomware","tag-exchange","tag-ransomware"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/posts\/46052","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/comments?post=46052"}],"version-history":[{"co
unt":0,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/posts\/46052\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/media?parent=46052"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/categories?post=46052"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/tags?post=46052"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}