
Exchange servers first compromised by Chinese hackers hit with ransomware


Mar 13, 2021

Organizations using Microsoft Exchange now have a new security headache: never-before-seen ransomware that’s being installed on servers that were already infected by state-sponsored hackers in China.

Microsoft reported the new ransomware family late Thursday, saying that it was being deployed after the initial compromise of servers. Microsoft’s name for the new family is Ransom:Win32/DoejoCrypt.A. The more common name is DearCry.

Piggybacking off Hafnium

Security firm Kryptos Logic said Friday afternoon that it has detected Hafnium-compromised Exchange servers that were later infected with ransomware. Kryptos Logic security researcher Marcus Hutchins told Ars that the ransomware is DearCry.
