



The director of Canadas Cyber ​​Center is urging organizations to close a door in their Microsoft Exchange mail servers that had been left wide open to hackers. While many companies have already patched their systems, some have not yet and for those companies it may already be too late. Given the global activity, it is very likely that Canadian organizations have been affected if they did not make fixes, explained Scott Jones, director of the Canadian Center for Cyber ​​Security (Cyber ​​Center), in a statement. interview with Global News. The past two weeks have been a wave of activity. Most organizations started applying fixes immediately, within minutes of the fixes being released. Read more: Canadian systems compromised by malware in Microsoft Exchange breach, officials say The story continues under the ad On March 2, Microsoft discovered a vulnerability in its mail servers that allowed hackers to infiltrate systems, compromising thousands of servers around the world with malware. The company released a software patch to stop it, but some Canadian companies still haven’t used this patch.









Jones explained that the attackers did not target specific organizations, but rather view the vulnerability as a vulnerability for all. No uncorrected system is prohibited, he warned. They're looking for volume here. They will compromise anything that seems vulnerable, no matter who they are. It's not targeted, Jones said. Cyber ​​Center wrote in a recent vulnerability update that malicious actors are actively scanning to see if any servers have yet to be patched. Once discovered, hackers step through this open door to download malware, including a new type of ransomware called DearCry. The story continues under the ad Read more: Ransomware demands double amid COVID-19, healthcare sector key target, report says Ransomware is a type of cyber attack that infects your device, holding your information hostage until you pay a fee.

Father of teenager fatally stabbed at Leduc school thanks community for support DearCry, the new variant of the ransomware, has been explained by cybersecurity firm Palo Altos Unit 42 as a kind of malicious ransomware that encrypts victims’ files and deploys a ransom note on the victims desktop. Unlike most ransomware, which often requires a fixed ransom amount and can include a Bitcoin wallet address, DearCry includes email addresses that the victim is invited to contact.









In their explanation, the Unit 42 researchers echoed Jones’ advice that all Microsoft Exchange servers should be updated immediately to include the corrected versions. The story continues under the ad (DearCry) is a perfect example of how threat actors can impact the threat landscape by leveraging newly revealed vulnerabilities to make a quick profit, the researchers wrote. Although the Cyber ​​Center has not yet received any clear report on the appearance of DearCry ransomware on Canadian systems, a spokesperson for the Communications Security Establishment (CSE) told Global News that the malware is used all over the world. We have seen reports that DearCry ransomware is being used worldwide against compromised networks related to the Microsoft Exchange vulnerability. Not specifically systems in Canada, Evan Koronewski said in an emailed statement.









Despite the lack of actual reports of DearCry’s invasion of Canadian systems, Jones said the level of global exploitation makes it very likely. In fact, it is almost certain that there will be casualties in Canada because of it, he said. The story continues under the ad Read more: Ransomware Attacks on Critical Canadian Companies Almost Certain to Continue, Report Says In an emailed statement to Global News on Tuesday evening, the CSE confirmed that some of the unpatched systems in Canada “have been further compromised by malware.” However, he did not say whether DearCry was the malware in question. Jones added that it may be difficult for the Cyber ​​Center to provide firm figures on the scope of any cyberattack in Canada, as victims have to report it themselves to the center and this is something they do not. don’t always, Jones added. We are not speaking on their behalf. It is up to them to tell their customers, or their employee (s) in this case, if they have been the victim of a cyber incident. But we need them to report, Jones said. If you suspect that your server might be infected with malware due to the Microsoft Exchange vulnerability, you can email the Cyber ​​Center at [email protected] or reach them by phone at 1-833-292 -3788. © 2021 Global News, a division of Corus Entertainment Inc.







