Saturday, May 21, 2022
TechMoran

DearCry, prototype ransomware, takes advantage of Microsoft Exchange Server vulnerabilities

Following the disclosure of the Microsoft Exchange Server vulnerabilities and Microsoft's out-of-band release of security patches on March 2nd 2021, security researchers have started to identify adversaries beyond Hafnium exploiting these bugs to launch attacks. One of them is DearCry ransomware.

Sophos has today published an analysis of DearCry ransomware samples, “DearCry attacks exploit Exchange server vulnerabilities.” The article outlines new findings about the ransomware's encryption behaviour and more. Some of the key findings are summarised in the following commentary from Mark Loman, a ransomware expert at Sophos and director of its engineering technology office.

If you are writing a story about DearCry and other ransomware attacks, please feel free to use Mark’s comments. We can also arrange an interview with Loman and other threat experts, as needed. 

“Our analysis of DearCry ransomware samples has uncovered a rare encryption attack behaviour: a ‘hybrid’ approach. The only other ransomware I’ve investigated over the years that employed a hybrid approach was WannaCry, and this was auto spreading rather than human operated like DearCry. Both first create an encrypted copy of the attacked file, an approach we call ‘copy’ encryption, and then overwrite the original file to prevent recovery, what we call ‘in-place’ encryption. ‘Copy’ ransomware allows victims to potentially recover some data. However, with ‘in-place’ encryption, recovery via undelete tools is impossible. Notorious human-operated ransomware like Ryuk, REvil, BitPaymer, Maze and Clop use ‘in-place’ encryption only.

“There are a number of other similarities between DearCry and WannaCry, including the names and the header added to encrypted files. These do not automatically link DearCry to WannaCry’s creator. DearCry’s code, approach and abilities differ significantly from WannaCry; it does not use a command-and-control server, has an embedded RSA encryption key, shows no user interface with a timer and – most importantly – does not spread itself to other machines on the network.

“We found a number of other unusual DearCry characteristics, including the fact that the ransomware actor has been creating new binaries for new victims. The list of file types targeted has evolved from victim to victim too. Our analysis further shows that the code does not come with the kind of anti-detection features you would normally expect with ransomware, like packing or obfuscation. These and other signs suggest that DearCry may be a prototype, possibly rushed into use to seize the opportunity presented by the Microsoft Exchange Server vulnerabilities, or created by less experienced developers.

“Defenders should take urgent steps to install Microsoft’s patches to prevent exploitation of their Exchange Server. If this is not possible, the server should be disconnected from the internet or closely monitored by a threat response team.” – Mark Loman, director, engineering technology office, Sophos
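The forensic distinction Loman draws between ‘copy’, ‘in-place’ and ‘hybrid’ encryption is easiest to see on a toy block device, where unlinking a file only returns its blocks to the free list (as most filesystems do) and an undelete tool simply carves the free space. The following is an added illustration written for this page; it is not Sophos's code or DearCry's, and everything in it is an assumption made for the model: the in-memory disk, the HMAC-SHA256 counter keystream standing in for the real AES/RSA scheme, the `.enc` suffix for the encrypted copy, and the constructed sample document.

```python
"""Toy model of the three write strategies described in the Sophos commentary.

Added example for illustration only: the disk, the cipher and the file names
are assumptions, not DearCry's real behaviour or identifiers.
"""
import hashlib
import hmac

BLOCK = 16  # bytes per simulated disk block


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter keystream.
    Real ransomware uses AES with an RSA-wrapped key; the write pattern, not
    the cipher, is what this model is about. Output length equals input length."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class ToyDisk:
    """Minimal block device. unlink() only returns blocks to the free list;
    their contents survive until reused, which is what undelete tools exploit."""

    def __init__(self, nblocks: int = 64):
        self.blocks = [b"\x00" * BLOCK for _ in range(nblocks)]
        self.free = list(range(nblocks))
        self.files = {}  # name -> (length, [block indices])

    @staticmethod
    def _chunks(data: bytes):
        return [data[i:i + BLOCK].ljust(BLOCK, b"\x00") for i in range(0, len(data), BLOCK)]

    def create(self, name: str, data: bytes) -> None:
        chunks = self._chunks(data)
        idx = [self.free.pop(0) for _ in chunks]  # fresh blocks for a new file
        for i, chunk in zip(idx, chunks):
            self.blocks[i] = chunk
        self.files[name] = (len(data), idx)

    def overwrite_in_place(self, name: str, data: bytes) -> None:
        length, idx = self.files[name]
        assert len(data) == length  # stream cipher keeps length, so blocks line up
        for i, chunk in zip(idx, self._chunks(data)):
            self.blocks[i] = chunk  # original bytes are destroyed here

    def read(self, name: str) -> bytes:
        length, idx = self.files[name]
        return b"".join(self.blocks[i] for i in idx)[:length]

    def unlink(self, name: str) -> None:
        _, idx = self.files.pop(name)
        self.free.extend(idx)  # no wipe: bytes stay on "disk"

    def free_space(self) -> bytes:
        """What a carving/undelete tool sees."""
        return b"".join(self.blocks[i] for i in self.free)


def copy_encrypt(disk: ToyDisk, name: str, key: bytes) -> None:
    """'Copy' encryption: write an encrypted copy, delete the original."""
    disk.create(name + ".enc", keystream_xor(key, disk.read(name)))
    disk.unlink(name)


def in_place_encrypt(disk: ToyDisk, name: str, key: bytes) -> None:
    """'In-place' encryption: overwrite the original's own blocks."""
    disk.overwrite_in_place(name, keystream_xor(key, disk.read(name)))


def hybrid_encrypt(disk: ToyDisk, name: str, key: bytes) -> None:
    """'Hybrid' (the WannaCry/DearCry pattern in the quote): encrypted copy
    first, then overwrite the original before removing it."""
    ciphertext = keystream_xor(key, disk.read(name))
    disk.create(name + ".enc", ciphertext)
    disk.overwrite_in_place(name, ciphertext)
    disk.unlink(name)


STRATEGIES = {"copy": copy_encrypt, "in_place": in_place_encrypt, "hybrid": hybrid_encrypt}


def run(strategy: str,
        plaintext: bytes = b"quarterly ledger: constructed sample document",
        key: bytes = b"k" * 32) -> dict:
    """Encrypt one constructed file with the chosen strategy and report whether
    an undelete tool could still carve the plaintext from free space."""
    disk = ToyDisk()
    disk.create("ledger.txt", plaintext)
    STRATEGIES[strategy](disk, "ledger.txt", key)
    encrypted_name = "ledger.txt.enc" if "ledger.txt.enc" in disk.files else "ledger.txt"
    return {
        "strategy": strategy,
        "undelete_recoverable": plaintext in disk.free_space(),
        "decrypts_with_key": keystream_xor(key, disk.read(encrypted_name)) == plaintext,
    }


if __name__ == "__main__":
    for s in STRATEGIES:
        print(run(s))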

Readers 1,350

Share

  • Click to share on Telegram (Opens in new window)
  • More
  • Click to share on Tumblr (Opens in new window)
  • Click to print (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Pinterest (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Pocket (Opens in new window)

Like this:

Like Loading...

Related

Milcah Lukhanyu

Milcah Lukhanyu

Milcah Lukhanyu covers daily news briefs at TechMoran. She is the person who will probably read your press release and get the story out of it or totally trash it. Send tips to editor@techmoran.com

Related Posts

More Mini Apps are Coming to the M-PESA App, including Customized Statement Requests.
Tech

The 8th leg of the Safaricom Golf Tour is to take place this weekend at Nyali Golf Club.

by Yvone Kendi
May 20, 2022
0

The Safaricom Golf Tour will visit Nyali Golf Club in Mombasa County this weekend for the series' eighth leg. The...

According To Google, Android 13 Beta Will Enable Braille Displays
Tech

According To Google, Android 13 Beta Will Enable Braille Displays

by Vanessa Waithera
May 20, 2022
0

Android 13 Beta will have native support for braille displays, with the goal of making the platform more accessible to...

linkedin
Tech

LinkedIn Boosts Fees Due To The Inclusion Of VAT

by Vanessa Waithera
May 20, 2022
0

Following the implementation of the 16 percent value-added tax (VAT) on digital transactions, LinkedIn has increased membership fees

facebook australia

Meta Has Paused Hiring For Different Departments As They Failed To Reach Their Revenue Targets

May 19, 2022
If you abuse your Galaxy Z Flip 3, Samsung will find out & your warranty will be voided.

Samsung Galaxy Z Flip 4: Impressive performance for the model

May 19, 2022
Understanding NFT: How to Break Into the World of Crypto

Understanding NFT: How to Break Into the World of Crypto

May 19, 2022
Please login to join discussion
  • Advertise
  • Jobs
  • Freelance Gigs
  • Motoring
  • Money

© 2022 TechMoran Ltd, All Rights Reserved.

No Result
View All Result
  • Startups
    • About US
  • Reviews
  • Business
  • Motoring
  • Blockchain
    • Crypto News
  • Insider
    • Obituaries
  • Women
  • Hacks & Facts
    • How To
  • Editions
    • US Edition
    • India Edition
    • MENA Edition
    • Asia Edition
    • Europe Edition
    • International Edition
  • Columnists

© 2022 TechMoran Ltd, All Rights Reserved.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version
%d bloggers like this: