A lot of IT managers currently suffer from Microsoft Exchange server vulnerabilities known as ProxyLogon/Hafnium that expose networks to malicious interference. Analysts have first seen the attack chain in early January. Microsoft has published patches and a warning in early March.
The threat from the ProxyLogon/Hafnium Exchange vulnerability evolves
While we are not in the business of protecting Exchange Servers, we are in the business of keeping files safe. In mid-March, Microsoft reported that the ProxyLogon/Hafnium vulnerabilities were now exploited for ransomware attacks.
We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry.
— Microsoft Security Intelligence (@MsftSecIntel) March 12, 2021
Once a network is breached using the ProxyLogon/Hafnium attack chain, intruders can leave backdoors, delete back-ups, install crypto miners and encrypt files.
Protect your Organization against Ransomware
ownCloud Enterprise offers comprehensive prevention, detection and damage control to successfully handle such situations. With our Ransomware Protection app, admins automatically block a large number of known techniques, and quickly flag anomalies. If need be, admins can use it to restore all files to the status quo ante, optionally on a per-user-basis.
Learn more about ownCloud’s Ransomware Protection!