Symantec cybersecurity experts: The malware deployment is preceded by a reconnaissance with the AdFind tool. The victims are large organizations.
Palo Alto Networks: DearCry is a new ransomware which exploits the Microsoft Exchange Server vulnerabilities. The malware uses AES-256 and RSA-2048 to encrypt files, and the ransom note includes 2 email addresses to contact for pay
DearCry is a new ransomware that exploits the four zero-day Microsoft Exchange Server vulnerabilities. The company itself has confirmed this. According to cybersecurity experts, cybercrime actors use it after an initial compromise of unpatched servers. As Palo Alto Networks Unit 42 reports, the malware, when executed, uses AES-256 and RSA-2048 to encrypt victim files, while also modifying file headers to include the string ‘DEARCRY!’. As with the majority of ransomware variants, it drops a ransom note on the victim’s desktop. However, instead of demanding a fixed ransom amount and including a Bitcoin wallet address, DearCry’s note includes two email addresses that the victim is asked to contact, as well as a request that the victim send a provided hash.
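A triage sweep for the header marker described above, as an added example that is not part of the original article or of the Unit 42 report: it lists files whose first bytes contain the string DEARCRY! so responders can scope which data was encrypted. The 64-byte header window and the sample file names are assumptions constructed for the demonstration.

```python
import os
import tempfile

MARKER = b"DEARCRY!"  # header string reported in the article
HEAD_BYTES = 64       # assumption: how much of the file start counts as "header"


def has_marker(path, head_bytes=HEAD_BYTES):
    """Return True if the first head_bytes of the file contain the marker."""
    try:
        with open(path, "rb") as fh:
            return MARKER in fh.read(head_bytes)
    except OSError:
        # Locked or unreadable file: skip it rather than abort the sweep.
        return False


def scan_tree(root):
    """Walk root and return the sorted paths of files carrying the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Only regular files; do not follow symlinks out of the tree.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            if has_marker(path):
                hits.append(path)
    return sorted(hits)


def demo():
    """Build constructed sample files in a temp dir; return the names flagged."""
    samples = {
        "report.docx": MARKER + b"\x00" * 32,  # marker at the start of the file
        "notes.txt": b"plain text, no marker",  # clean file
        "article.txt": b"A" * 200 + MARKER,     # marker only deep in the body
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [os.path.relpath(p, root) for p in scan_tree(root)]


if __name__ == "__main__":
    print(demo())
```

Restricting the check to the start of the file keeps documents that merely mention the string in their body, such as incident notes, out of the results.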