BELOW SUPERNAV drop zone ⇩

Expert: Ransom-seeking hackers are taking advantage of Microsoft flaw

FILE – In this Wednesday, Feb. 3, 2021 file photo, the Microsoft company logo is displayed at their offices in Sydney. Microsoft and four big European Union news industry lobbying groups unveiled their plan Monday Feb. 22, 2021, to push for a system to make big tech platforms pay for news, raising the stakes in the brewing battle over whether Google and Facebook should pay for journalism. (AP Photo/Rick Rycroft, File)

MAIN AREA TOP drop zone ⇩

WASHINGTON (Reuters) — Ransom-seeking hackers have begun taking advantage of a recently disclosed flaw in Microsoft’s widely used mail server software, a researcher said late Wednesday – a serious escalation that could portend widespread digital disruption.

The disclosure, made on Twitter by Microsoft Corp security program manager Phillip Misner, is the realization of worries that have been coursing through the security community for days.

Since March 2, when Microsoft announced the discovery of serious vulnerabilities in its Exchange software, experts have warned that it was only a matter of time before ransomware gangs began using them to shake down organizations across the internet.

Misner didn’t immediately respond to follow-up messages and Microsoft did not return emails seeking comment. The U.S. Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation also didn’t immediately respond.

Even though the security holes announced by Microsoft have since been fixed, organizations worldwide have failed to patch their software, leaving them open to exploitation. In Germany alone, officials have said that up to 60,000 networks remained vulnerable.

The fixes are free, but experts attribute the sluggish pace of many customers’ updates in part to the complexity of Exchange’s architecture.

All manner of hackers have begun taking advantage of the holes – one security firm recently counted 10 separate hacking groups using the flaws – but ransomware operators are among the most feared.

Those groups work by locking users out of their devices and data unless the victims cough up big chunks of digital currency. They now potentially have access “into a huge number of vulnerable systems,” said Brett Callow of Canadian cybersecurity company Emsisoft.

He said more modest companies – many of whom lack the ability or awareness to update their software – could be particularly affected by the latest variant of ransomware.

“This is a potentially serious risk to small businesses,” he said.

© 2021 Thomson Reuters.

Cybersecurity

Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed

MAIN AREA MIDDLE drop zone ⇩

Trending on NewsNation

MAIN AREA BOTTOM drop zone ⇩

tt

KC Chiefs parade shooting: 1 dead, 21 shot including 9 kids | Morning in America

Witness of Chiefs parade shooting describes suspect | Banfield

Kansas City Chiefs parade shooting: Mom of 2 dead, over 20 shot | Banfield

WWE star Ashley Massaro 'threatened' by board to keep quiet about alleged rape: Friend | Banfield

Friend of WWE star: Ashley Massaro 'spent hours' sobbing after alleged rape | Banfield

Fair

la

60°F Fair Feels like 60°
Wind
5 mph SW
Humidity
57%
Sunrise
Sunset

Tonight

Partly cloudy this evening, then becoming cloudy after midnight. Low 48F. Winds light and variable.
48°F Partly cloudy this evening, then becoming cloudy after midnight. Low 48F. Winds light and variable.
Wind
4 mph N
Precip
2%
Sunset
Moon Phase
Waning Crescent