Past two weeks evidence the dominance of the cyber-security news about Microsoft Exchange Server ProxyLogon vulnerabilities.
Gilliespie, cyber security researcher, noted that these vulnerabilities were exploited by DearCry ransomware developers to target the Microsoft Exchange Servers.
If you are using Microsoft Exchange server, you should take OWA or the patch the server. In addition to this, perform an offline backup of the server so as to avoid being encrypted, if compromised.
Other big news of the week is the REvil ransomware operators planning on DooS victims and calling the business partners belong to them to force vicitms into paying the demanded sum.
And, there are several new ransomware attacks against organizations including Molson Coors and the Spanish government.
6th March 2021
REvil gangs to call victim’s business partners to pay ransom
The ransomware operation announced this week. The threat actors are using DDoS attacks and voice calls to journalists and victims’ business partners to generate ransom fee.
Jessy ransomware in the wild
The malware is discovered by Jakub Kroustek. This discovery adds yet another variant of Dharma ransomware. It appends .Jessy extension to the filenames of the encrypted files.
7th March 2021
New ROG Dharma virus
The credit of this discovery goes to Jakub Kroustek. This Dharma variant appends .ROG extension to the encrypted files.
8th March 2021
New Sarbloh ransomware showing support to Indian farmer’s protest
A new Sarbloh ransomware encrypts stored files and soon drops a ransom note. The ransom message shows support for the protest of Indian farmers.
Cyber attack at Flagstar Bank
The US bank and mortgage lender suffered a data breach, results in their customers and employees’ data exposure. It was discovered that CLOP ransomware developers hacked their Accelion file transfer server in January.
New Martix ransomware variant
Dnwls0719 discovered a new Matrix ransomware variant that appends .JDPR extension. It shows ransom note in JDPR_README.rtf.
9th March 2021
Arrest of a South Korean for phishing attacks
The attacker is suspected to be a member of GandCrab Ransomware, using Phishing emails to infect victims.
Bad Gopher ransomware in the wild
S!Ri discovered this ransomware. The malware appends the filenames of the encrypted files using .gopher extension.
10th March 2021
Ransomware attack on 700 Spanish government labor agency officers
SEPE systems belong to the Spanish government agency for labor were taken down after attacked by Ryuk ransomware. The attack hit more than 700 agency offices of Spain.
New STOP ransomware variant
Michael Gillespie a DJVU/STOP variant that encrypts stored files using .reig and .tirp extensions to encrypt files.
Darkside ransomware 2.0
Hackers on Russian-speaking hacker forum announced about this release. 3xport was the first to observe this.
11th March 2021
Cyber attack on Molson Coors
Molson Coors, beverage company, has suffered a cyber attack as a result of which there is significant distruption to their business operations.
A new ransomware infiltrates through Microsoft Exchange Servers’ ProxyLogon vulnerabilities exploit
DearCry is the ransomware. After hacking into Microsoft Exchange Servers using the recently disclosed ProxyLogon vulnerabilities, the threat actors belong ensure the virus installation.
Michael Gillespie was the first to observe this the newly DearCry ransomware was targeting the exchange servers.
New Dharma ransomware variants
Jakub Kroustek discovered new Dharma ransomware variants that append .biden, .eofyd and .duk extensions.
12th March 2021
New Dharma ransomware variant
Jakub Kroustek found new Dharma ransomware variants that append .LAO and .Pirat extensions.