Stop DearCry Ransomware Exploits of Hafnium

Author: Venu Vissamsetty, V.P Security Research, Attivo Networks

The recent Hafnium attacks drew attention to several Microsoft Exchange Server vulnerabilities, but other groups are taking advantage of these to launch ransomware attacks. Attackers are targeting enterprises by exploiting the four recent Microsoft Exchange Server vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) to deploy the DearCry ransomware. After exploitation, attackers move laterally inside the network by stealing privileged credentials from Active Directory, increasing the number of systems on which they can deploy ransomware.