{"id":1277,"date":"2021-03-15T15:50:02","date_gmt":"2021-03-15T10:20:02","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=1277"},"modified":"2021-06-07T11:01:21","modified_gmt":"2021-06-07T05:31:21","slug":"new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/","title":{"rendered":"New DEARCRY Ransomware Attack is Now Targeting Microsoft Exchange Servers!"},"content":{"rendered":"\n

Attackers are now using a new ransomware attack named DEARCRY that hacks the Microsoft Exchange servers and was recently used in the ProxyLogon attack.<\/p><\/p>\n\n\n\n

However, Microsoft also revealed that the attackers were compromising the Microsoft Exchange servers using the ProxyLogon zero-day vulnerabilities, which is the concern of hackers while deploying the ransomware attack.<\/p><\/p>\n\n\n\n

But, somehow the hackers are misusing the vulnerabilities and executing the DEARCRY ransomware attack.<\/p><\/p>\n\n\n\n

What is DEARCRY Ransomware?<\/strong><\/h2>\n\n\n\n

According to the experts, the DEARCRY ransomware is activated on 9th March and it starts encrypting the files on the system and submitting the ransomware note to the users.<\/p><\/p>\n\n\n\n

\"New<\/figure><\/div>\n\n\n\n

Multiple users started submitting the ransom note and their corrupted file, after proper reviewing the Experts say that most of the users are from Microsoft Exchange Servers.<\/p><\/p>\n\n\n\n

Whereas, infected users also created a forum topic that states that the Microsoft Exchange server is compromised with the help of ProxyLogon vulnerabilities, and the DEARCRY ransomware is deployed.<\/p><\/p>\n\n\n\n

\"New<\/figure><\/div>\n\n\n\n

Once this forum gets published that Microsoft also confirmed that the DEARCRY ransomware is executed in human-operated attacks that targeted Microsoft Exchange servers with the help of ProxyLogon vulnerabilities present in the system.<\/p><\/p>\n\n\n\n

Experts are also able to find out 3 samples of ransomware on VirusTotal [1,2,3] and to all the things which are MingW-compiled and executable. The experts also share the path after analyzing it properly;<\/p><\/p>\n\n\n\n

C:\\Users\\john\\Documents\\Visual Studio 2008\\Projects\\EncryptFile -svcV2\\Release\\EncryptFile.exe.pdb<\/p><\/p>\n\n\n\n

Whereas several experts also think that the DearCry ransomware will try to shut down the Windows services named as ms update. The service is not from legitimate Windows services, but it plays a major role.<\/p><\/p>\n\n\n\n

\"New<\/figure><\/div>\n\n\n\n

As the ransomware is executed, it will start encrypting the files on the computer and will show the encrypted files with the extension of.CRYPT showed below.<\/p><\/p>\n\n\n\n

\"New<\/figure><\/div>\n\n\n\n

The experts also said that this ransomware also uses AES-256 + RSA-2048 while encrypting the file and executes the DEARCRY ransomware to encrypt all the files.<\/p><\/p>\n\n\n\n

\"New<\/figure><\/div>\n\n\n\n

Once the malware finished the encryption, the ransomware will automatically create a simple ransom note that was named \u2018readme.txt\u2019 on the Windows desktop. This ransom note stores two email addresses that belong to the attacker and a unique hash code which is probably of the MD4 hash.<\/p><\/p>\n\n\n\n

\"New<\/figure><\/div>\n\n\n\n

The attackers demand $16,000 for each victim and after the investigation, the experts were unable to find any weakness that helps the victims while recovering their files for free.<\/p><\/p>\n\n\n\n

What is the Resolution?<\/strong><\/h2>\n\n\n\n

Well the ransomware DEARCRY is not confirmed that it is installed in Microsoft Exchange using the ProxyLogon vulnerabilities, there is the chance that it is based on the information at the hand.<\/p><\/p>\n\n\n\n

According to the data shared by the security firm that thousands of Microsoft Exchange servers are already patched in 3 days and they are working to reduce the effect of this attack.<\/p><\/p>\n\n\n\n

The organization also said that there are more than 80,000 servers that are not patched directly by applying the updates.<\/p><\/p>\n\n\n\n

Whereas the Chief Technology Officer of Cortex Networks states that \u2018I had never seen any security patch that rated this much high, and widely spreading on Exchange server. Multiple organizations are still running the unpatched version of Exchange and they were been compromised before they apply the new updated patched into their systems, because the attackers are aware about this vulnerbilites present in the server and it may last for 2 months before the Microsoft releases a proper updated and secured patch\u2019<\/p><\/p>\n\n\n\n

Summering Up<\/strong><\/h3>\n\n\n\n

All the organizations are recommended to apply the new patch as soon as possible because this update will not only protect their mailboxes, it will also prevent unauthorized access and prevent your files from encryption.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"

Attackers are now using a new ransomware attack named DEARCRY that hacks the Microsoft Exchange servers and was recently used in the ProxyLogon attack. However, Microsoft also revealed that the attackers were compromising the Microsoft Exchange servers using the ProxyLogon zero-day vulnerabilities, which is the concern of hackers while deploying the ransomware attack. But, somehow […]<\/p>\n","protected":false},"author":2,"featured_media":1285,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[],"yoast_head":"\nNew DEARCRY Ransomware Attack is Now Targeting Microsoft Exchange Servers! - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New DEARCRY Ransomware Attack is Now Targeting Microsoft Exchange Servers! - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Attackers are now using a new ransomware attack named DEARCRY that hacks the Microsoft Exchange servers and was recently used in the ProxyLogon attack. However, Microsoft also revealed that the attackers were compromising the Microsoft Exchange servers using the ProxyLogon zero-day vulnerabilities, which is the concern of hackers while deploying the ransomware attack. But, somehow […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-15T10:20:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-07T05:31:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/new-ransomware-dearcry-use-exchange-featured.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"New DEARCRY Ransomware Attack is Now Targeting Microsoft Exchange Servers!\",\"datePublished\":\"2021-03-15T10:20:02+00:00\",\"dateModified\":\"2021-06-07T05:31:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/\"},\"wordCount\":611,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Infosec News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/\",\"url\":\"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/\",\"name\":\"New DEARCRY Ransomware Attack is Now Targeting Microsoft Exchange Servers! - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-03-15T10:20:02+00:00\",\"dateModified\":\"2021-06-07T05:31:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New DEARCRY Ransomware Attack is Now Targeting Microsoft Exchange Servers!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New DEARCRY Ransomware Attack is Now Targeting Microsoft Exchange Servers! - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/","og_locale":"en_US","og_type":"article","og_title":"New DEARCRY Ransomware Attack is Now Targeting Microsoft Exchange Servers! - Xiarch Solutions Private Limited","og_description":"Attackers are now using a new ransomware attack named DEARCRY that hacks the Microsoft Exchange servers and was recently used in the ProxyLogon attack. However, Microsoft also revealed that the attackers were compromising the Microsoft Exchange servers using the ProxyLogon zero-day vulnerabilities, which is the concern of hackers while deploying the ransomware attack. But, somehow […]","og_url":"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-03-15T10:20:02+00:00","article_modified_time":"2021-06-07T05:31:21+00:00","og_image":[{"width":1600,"height":800,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/new-ransomware-dearcry-use-exchange-featured.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"New DEARCRY Ransomware Attack is Now Targeting Microsoft Exchange Servers!","datePublished":"2021-03-15T10:20:02+00:00","dateModified":"2021-06-07T05:31:21+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/"},"wordCount":611,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Infosec News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/","url":"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/","name":"New DEARCRY Ransomware Attack is Now Targeting Microsoft Exchange Servers! - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-03-15T10:20:02+00:00","dateModified":"2021-06-07T05:31:21+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/new-dearcry-ransomware-attack-is-now-targeting-microsoft-exchange-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"New DEARCRY Ransomware Attack is Now Targeting Microsoft Exchange Servers!"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1277"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=1277"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1277\/revisions"}],"predecessor-version":[{"id":1284,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1277\/revisions\/1284"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/1285"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=1277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=1277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=1277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}