Has Your Toronto Business Been Impacted By The Microsoft Exchange Server Attack?
Computer systems in Canada were among those impacted by an extensive Microsoft Exchange Server attack earlier this month, according to the Canadian Centre for Cyber Security (CCCS). In one of the updates posted to its website, the agency stated that a new family of ransomware, known as DearCry, is actively targeting the email service by exploiting its vulnerabilities.
What Makes DearCry Unique?
What is ransomware? Ransomware is a cyberattack that immediately infects your device and holds all of its information hostage until a fee has been paid. DearCry is a new variant of ransomware that encrypts files and leaves a ransom note on the victim’s device. Unlike the majority of ransomware, DearCry includes email addresses for the ransomware operators and a unique hash. The DearCry ransomware does not appear to have any weaknesses or vulnerabilities that would allow victims to regain access to their files for free.
In addition to the ransomware family, proofs of concept for the Exchange vulnerabilities are also circulating. The Microsoft Exchange Server vulnerabilities that allow remote code execution have been made available to the public. As a result, hackers exploiting these vulnerabilities have been able to gain access to a business or organization’s network for malicious purposes. The malicious activity resulting from the attack includes the exfiltration of data.
The Impact on Canadian Businesses
The cyber espionage is expected to have a far-reaching impact, and a significant number of businesses and organizations are expected to have already been victims of the Microsoft Exchange Server attack. Canadian businesses and organizations have been urged to close a door in their Microsoft Exchange email servers that has been left partially or wide open for exploitation.
While many Canadian systems have already been patched, others have not. Unfortunately, it may be too late for those systems. Given the extent of the activity and its worldwide impact, it is probable that Canadian businesses and organizations have been impacted if their systems have not been patched.
Recently, we have seen an incredible amount of global activity. After Microsoft discovered the vulnerabilities in the email servers, the company released the software patch. Many businesses and organizations began applying the patches as soon as they were released to the public. However, some Canadian businesses and organizations did not apply the patch that could have put an end to a potential attack on their systems.
DearCry is an Untargeted Attack
The attackers have not been targeting any particular industry or organization. The vulnerabilities have presented an opportunity to go after any unpatched system. The hackers are going to go after anything that looks vulnerable, regardless of the industry or the type of data they can gain access to. This particular attack is not targeted.
The hackers will continue to perform active scans to determine which servers have not been patched. When they discover an unpatched system, they will gladly upload malware. DearCry is a clear example of how hackers can instantly impact your systems. They take advantage of any open door just to make money and wreak havoc.
What We Do and Don’t Know About the Microsoft Exchange Server Attack
The Canadian Centre for Cyber Security has not received any clear indication that the ransomware has been discovered on Canadian systems. However, the CCCS believes it is very probable that many Canadian systems have been exploited, given the global level of exploitation. According to the CCCS, some Canadian systems have been “further compromised with malware.” However, the Communications Security Establishment did not state whether the malware that has compromised Canadian systems is DearCry.
Do you believe your server could be infected with malware as a result of the recent Microsoft Exchange Server attack? Contact the IT support team at Tektonic. Call us today at (416) 256-9928 for additional help and resources.