Microsoft warns of new threat to ‘unpatched’ networks

Microsoft warned late Thursday of a threat detected to unpatched networks from a new family of ransomware.

The company said it detected and is blocking against the ransomware known as DearCry.

We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry.

— Microsoft Security Intelligence (@MsftSecIntel) March 12, 2021

Microsoft said the updates on Friday are a “temporary measure” to help protect users from vulnerable machines. 

The tech giant announced earlier this month that a Chinese-sponsored hacking group known as “Hafnium” was trying to take advantage of previously unknown security weaknesses in the email application Exchange Server. 

Microsoft had described the group as a “highly skilled and sophisticated actor” and said the group had previously targeted groups across fields including law firms, think thanks, defense contractors and infectious disease researchers. 

After Microsoft’s warning, the Cybersecurity and Infrastructure Security Agency ordered federal agencies to immediately investigate, patch or disconnect systems from the Microsoft email application.