Ransomware targeting unpatched Exchange servers appears to have been rushed to market. Security firm Sophos has published a teardown of the new DearCry ransomware, which it describes as being “unsophisticated” and apparently “created by a beginner” DearCry targets a critical proxy-logon flaw in Microsoft Exchange email servers, which was one of four zero-day flaws Microsoft patched via software updates issued on March 2. The code does not come with anti-detection features you would normally expect with ransomware, like packing or obfuscation, Sophos says.”]
Source: https://www.cuinfosecurity.com/rushed-to-market-dearcry-ransomware-targeting-exchange-bug-a-16189