In the wake of the ongoing rush to patch the four vulnerabilities affecting Microsoft Exchange servers, a new ransomware family called DearCry has begun to exploit those same vulnerabilities. Since Microsoft confirmed its existence on March 11th under the name DoejoCrypt, the number of reported ransomware incidents on Exchange servers involving DearCry has been increasing. One of the initial actions DearCry takes during execution is an attempt to disable a service named “msupdate.” This could be a poor attempt to prevent patching (the Windows Update service is actually called wuauserv) or an attempt to avoid competition with other malware families. In either case, the reason is still unknown, but more will likely be learned about DearCry as the days carry on.
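One way to hunt for the behavior described above is to watch process-creation telemetry for commands that stop or disable a service named msupdate, and the real Windows Update service wuauserv alongside it. The following is an added example, not Binary Defense's or DearCry's own code; the Sysmon-style events it runs over are constructed, and the tool and argument patterns it matches (sc, net, Stop-Service) are assumptions about how an operator or sample would typically issue such a command. A sample that calls the Service Control Manager API directly, without spawning sc.exe or net.exe, leaves no such command line, so this check complements rather than replaces API-level monitoring.

```python
"""Flag process launches that stop or disable update-related services.

Added example, not code from the original post. The events below are
constructed Sysmon-style process-creation (Event ID 1) records, not real
telemetry. DearCry is reported to try to disable a service named
"msupdate"; the real Windows Update service is "wuauserv", so both are
watched. Tool/argument patterns are assumptions about common usage.
"""
import re

WATCHED_SERVICES = {"msupdate", "wuauserv"}

# Optional quoted directory prefix and optional .exe suffix, so both
# "sc stop x" and "C:\Windows\System32\sc.exe stop x" match.
_TOOL = r'^"?(?:[A-Za-z]:\\[^"\s]*\\)?{name}(?:\.exe)?"?\s+'

PATTERNS = [
    ("stop",    re.compile(_TOOL.format(name="sc") + r"stop\s+(?P<svc>[\w.-]+)", re.I)),
    ("disable", re.compile(_TOOL.format(name="sc") + r"config\s+(?P<svc>[\w.-]+)\s+start=\s*disabled\b", re.I)),
    ("stop",    re.compile(_TOOL.format(name="net1?") + r"stop\s+(?P<svc>[\w.-]+)", re.I)),
    # PowerShell form may be embedded in a longer command line, so no anchor.
    ("stop",    re.compile(r"Stop-Service\s+(?:-Name\s+)?['\"]?(?P<svc>[\w.-]+)", re.I)),
]


def classify(cmdline):
    """Return (service, action) when the command line stops or disables a
    watched service, otherwise None. Service names are compared
    case-insensitively because the SCM treats them that way."""
    text = cmdline.strip()
    for action, pattern in PATTERNS:
        m = pattern.search(text)
        if m and m["svc"].lower() in WATCHED_SERVICES:
            return (m["svc"].lower(), action)
    return None


def scan(events):
    """Run classify() over process-creation events and collect findings,
    keeping the parent image so an analyst can see what spawned the tool."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        hit = classify(ev.get("CommandLine", ""))
        if hit:
            svc, action = hit
            findings.append({
                "service": svc,
                "action": action,
                "parent": ev.get("ParentImage", "?"),
                "command": ev["CommandLine"],
            })
    return findings


# Constructed sample telemetry (not from a real incident).
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": r"C:\Users\Public\sample.exe",
     "CommandLine": "sc.exe stop msupdate"},
    {"EventID": 1, "ParentImage": r"C:\Users\Public\sample.exe",
     "CommandLine": r'"C:\Windows\System32\net.exe" stop wuauserv'},
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "sc config wuauserv start= disabled"},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell -c "Stop-Service -Name wuauserv"'},
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "sc query wuauserv"},          # benign: query only
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "net stop Spooler"},           # not a watched service
    {"EventID": 3, "CommandLine": "sc stop msupdate"},  # wrong event type
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f['action']:7} {f['service']:9} via {f['parent']}: {f['command']}")
```

Because msupdate is not a real service on a default Windows install, any attempt to stop or disable it is itself a strong signal; the wuauserv matches need normal administrative activity tuned out before they are paged on.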
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is