All those who are using Microsoft Exchange Servers in your server farms, you are likely to be targeted by hackers spreading DearCry Ransomware. According to a tweet posted on Microsoft’s official handle, hackers are spreading the said malware through the dangerous ProxyLogon Vulnerabilities.
The good news is that those using Microsoft Defender might not be in trouble as the security software has enough potential to thwart such attacks to the core, says the Redmond based tech giant.
Technically, ProxyLogon Vulnerability is a name given to the security flaw CVE-2021-26855, that exists in Exchange Servers of Microsoft and allows threat actors pass on the authentication of by disguising as an admin.
BleepingComputer says DearCry victims cannot go without paying ransom, as there is no freely available tool to unlock the files from the encryption algorithms.
Coming to the numbers supplied by Spyse, their research claims that over 283,000 companies might have fallen victim to the exchange server hack of Microsoft discovered last month, and only 23% of them have patched their servers with the latest security fixes. Meaning over 200,000 are still vulnerable to attacks.
In a separate statement released by MalwareHunterTeam via Twitter, the victims were mostly companies operating in Denmark, United States, Australia, Austria, Canada and New Zealand.
So, companies are being urged by the Satya Nadella led company to patch their servers with the latest fixes that are available from March 2nd,2021.
Note 1- The said vulnerability only exists on Exchange Server 2013,2016 and 2019 and excludes those using Exchange Online.
Note 2- Microsoft alleges the hackers group that targeted its exchange servers was related to China, which the Xi Jinping led nation had readily denied it as a baseless claim.
