Threat actors are now installing a new ransomware called ‘DEARCRY’ after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities. Microsoft security researcher Phillip Misner confirmed that the DearCry, or what they call DoejoCrypt, is installed in human-operated attacks using the new Microsoft Exchange exploits. Today, McAfee’s Head of Cyber Investigations John Fokker told BleepingComputer that they are seeing victims in United States, Luxembourg, Indonesia, Ireland, India, and Germany.
Source: https://www.bleepingcomputer.com/news/security/dearcry-ransomware-attacks-microsoft-exchange-with-proxylogon-exploits/