Ransom:Win32/DoejoCrypt.A is being used to install a new strain of ransomware called “DearCry” Microsoft has begun “blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers” A proof-of-concept (PoC) code shared on Microsoft-owned GitHub by a security researcher has been taken down by the company, citing that the exploit is under active attack. The move has sparked a debate of its own, with researchers arguing that Microsoft is “silencing security researchers” by removing PoC code.
Source: https://thehackernews.com/2021/03/icrosoft-exchange-ransomware.html