Company released updates as a temporary fix to defend against the ransomware attacks


Microsoft says that unpatched networks are in the danger of being attacked by ransomware. (Credit: Pete Linforth from Pixabay)

Microsoft has issued a warning of a new ransomware threat against unpatched networks from Chinese hackers, who are allegedly attacking organisations with on-premises Exchange Server.

The company said that it has identified and blocked a “new family of ransomware”. The ransomware family was seen to be attacking servers that are yet to patch vulnerabilities following a major security breach that occurred last week.

On Friday, Microsoft released updates that were said to be a temporary fix to defend against attacks, which were already taking place in various places.

Microsoft Security Intelligence tweeted: “We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry.”

The company said that a broad attack is being carried out and the severity of the exploits makes it critical to protect systems. It further stated that the extraordinary situation needs to be addressed with a heightened approach.

Apart from its regular software updates, the company said that it is offering specific updates for older and out-of-support software so that it is easy to quickly protect businesses that are vulnerable from the attacks.

Earlier this month, the company claimed to have discovered hackers, who are suspected to be sponsored by the Chinese state, for exploiting previously unknown vulnerabilities in its Exchange business email software.

The company said that although it had released a patch for those systems, hackers are in pursuit of firms that are yet to install its fix.

Microsoft said that it has been working with cyber security company RiskIQ to assess the ongoing attacks on servers.

The company said that a total universe of around 400,000 Exchange servers was seen on 1 March. By 9 March, there were a little over 100,000 servers that are still vulnerable.

Microsoft said that it had rolled out an additional set of updates since then, and has overall released updates covering over 95% of all versions exposed on the internet.