Microsoft Email Servers Plagued With New Ransomware


Microsoft has alerted users that new ransomware is allegedly exploiting its email servers. According to company sources, nearly five different hacking groups are attacking business email servers, and a new family of ransomware has been detected. The ransomware has been named DearCry and is being used after an initial compromise of unpatched on-premises Exchange Servers.

The DearCry ransomware makes use of the same four security vulnerabilities that emerged from the China-backed hacking group Hafnium. The Redmond-based tech giant took to Twitter and disclosed that it has detected the ransomware and is currently blocking the new ransomware and its child partners. The company confirmed that the ransomware compromised unpatched on-premises Exchange servers. Microsoft has termed the new ransomware Ransom:Win32/DoejoCrypt.A, also called DearCry.

The company added that Microsoft Defender customers who use automatic updates do not need to take any action to receive patches. Microsoft had announced the expansion of its enterprise-grade identity and access management protection service, AccountGuard, to all high-risk members across 31 countries free of cost. This is to prevent any future attacks by threat actors, including China, on its business email servers.


Microsoft AccountGuard provides notification about cyberthreats, including attacks by known nation-state actors. The information will be delivered across email systems managed by organizations and the personal accounts of staff members. The China-based Hafnium is constantly targeting Microsoft Exchange servers. The US Government has termed the incident widespread domestic and international exploitation that could potentially affect thousands of victims globally.

Microsoft Exchange Server is mainly used by enterprise and business customers. Microsoft is regularly releasing security updates to resolve the security vulnerabilities. If you are a customer, you should install the updates immediately to avoid problems with your server.

Post COVID-19, China has been indulging in a series of cyberattacks in a bid to derail the global economy. China has been isolated on all fronts because of the origin of COVID-19. India has banned several apps, including PUBG, AliExpress and TikTok, after the deadly border clash between Indian and Chinese forces. The future will be tense when it comes to China, and we have to be careful to defend our computer systems.

Anand Narayanaswamy is the editor-in-chief of Netans. He was recognized as a Microsoft Most Valuable Professional (MVP) for 9 years (2002 to 2011) and again as a Microsoft MVP in Surface under Windows and Devices in January 2024. He worked as a Chief Technical Editor with ASPAlliance and was part of the ASPInsider program. Anand has published several articles and reviews related to various software and hardware products for various software and technology-related websites. He is also active on social media and participates as an influencer for various brands. Anand can be reached at