Exchange servers first compromised by Chinese hackers hit with ransomware

Exchange servers first compromised by Chinese hackers hit with ransomware

Enlarge (credit: Getty Images)

Now organizations using Microsoft Exchange have a new security headache: never-before seen ransomware that’s being installed on servers that were already infected by state-sponsored hackers in China.

Microsoft reported the new family of ransomware deployment late Thursday, saying that it was being deployed after the initial compromise of servers. Microsoft’s name for the new family is Ransom:Win32/DoejoCrypt.A. The more common name is DearCry.

Piggybacking off Hafnium

Security firm Kryptos Logic said Friday afternoon that it has detected Hafnium-compromised Exchange servers that were later infected with ransomware. Kryptos Logic security researcher Marcus Hutchins told Ars that the ransomware is DearCry.

Read 11 remaining paragraphs | Comments

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top