reported the new family of ransomware deployment late Thursday, saying that it was being deployed after the initial compromise of servers. Microsoft’s name for the new family is Ransom:Win32/DoejoCrypt.A. The more common name is DearCry.
We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry.
— Microsoft Security Intelligence (@MsftSecIntel) March 12, 2021
Piggybacking off Hafnium
Security firm Kryptos Logic said Friday afternoon that it has detected Hafnium-compromised Exchange servers that were later infected with ransomware. Kryptos Logic security researcher Marcus Hutchins told Ars that the ransomware is DearCry.
Read 11 remaining paragraphs | Comments