{"id":60066,"date":"2021-03-24T15:19:27","date_gmt":"2021-03-24T15:19:27","guid":{"rendered":"https:\/\/owncloud.com\/?p=60066"},"modified":"2021-03-24T15:19:27","modified_gmt":"2021-03-24T15:19:27","slug":"proxylogon-hafnium-exchange-ransomware","status":"publish","type":"post","link":"https:\/\/owncloud.com\/de\/blogs\/proxylogon-hafnium-exchange-ransomware\/","title":{"rendered":"The ProxyLogon\/Hafnium Exchange hack now packs a Ransomware threat. Are you prepared?"},"content":{"rendered":"<p>A lot of IT managers currently suffer from Microsoft Exchange server vulnerabilities known as ProxyLogon\/Hafnium that expose networks to malicious interference. Analysts have <a href=\"https:\/\/www.volexity.com\/blog\/2021\/03\/02\/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">first seen the attack chain in early January<\/a>. <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/03\/02\/hafnium-targeting-exchange-servers\/\" target=\"_blank\" rel=\"noopener\">Microsoft has published patches and a warning in early March<\/a>.<\/p>\n<h4>The threat from the ProxyLogon\/Hafnium Exchange vulnerability evolves<\/h4>\n<p>While we are not in the business of protecting Exchange Servers, we are in the business of keeping files safe. In mid-March, Microsoft reported that the ProxyLogon\/Hafnium vulnerabilities were now exploited for ransomware attacks.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom:Win32\/DoejoCrypt.A, and also as DearCry.<\/p>\n<p>&mdash; Microsoft Security Intelligence (@MsftSecIntel) <a href=\"https:\/\/twitter.com\/MsftSecIntel\/status\/1370236539427459076?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">March 12, 2021<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>Once a network is breached using the ProxyLogon\/Hafnium attack chain, intruders can leave backdoors, delete back-ups, install crypto miners and encrypt files.<\/p>\n<h4>Protect your Organization against Ransomware<\/h4>\n<p>ownCloud Enterprise offers comprehensive prevention, detection and damage control to successfully handle such situations. With our Ransomware Protection app, admins automatically block a large number of known techniques, and quickly flag anomalies. If need be, admins can use it to restore all files to the status quo ante, optionally on a per-user-basis.<\/p>\n<p>Learn more <a href=\"https:\/\/owncloud.com\/features\/ransomware-protection\/\" target=\"_blank\" rel=\"noopener\">about ownCloud&#8217;s Ransomware Protection<\/a>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The massive vulnerability in unpatched Microsoft Exchange on-prem installations now provides attackers with an easy entry for their ransomware.<\/p>\n","protected":false},"author":7,"featured_media":1996,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[43,360],"tags":[],"class_list":["post-60066","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/posts\/60066","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/comments?post=60066"}],"version-history":[{"count":4,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/posts\/60066\/revisions"}],"predecessor-version":[{"id":60085,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/posts\/60066\/revisions\/60085"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/media\/1996"}],"wp:attachment":[{"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/media?parent=60066"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/categories?post=60066"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/tags?post=60066"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}