Ransom-seeking hackers have begun to take advantage of a recently revealed flaw in Microsoft’s widely used mail server software, a researcher said Wednesday night, a serious escalation that could herald widespread digital disruption.
The disclosure, made on Twitter by Microsoft Corp security program manager Phillip Misner, is the realization of concerns that have been circulating through the security community for days.
Since March 2, when Microsoft announced the discovery of serious vulnerabilities in its Exchange software, experts have warned that it was only a matter of time before ransomware gangs began using them to shake down organizations across the Internet.
Misner did not immediately respond to follow-up messages, and Microsoft did not return emails seeking comment. The U.S. Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation also did not immediately respond.
Although the security holes announced by Microsoft have been fixed, organizations around the world have not patched their software, leaving them open to exploitation. In Germany alone, officials have said that up to 60,000 networks remained vulnerable.
The fixes are free, but experts attribute the slow pace of updates for many customers in part to the complexity of the Exchange architecture. All kinds of hackers have started to exploit the holes – a security company recently counted 10 groups of independent hackers using the flaws. But ransomware operators are among the most feared.
Those groups work by locking users out of their devices and data unless victims pay large sums of digital currency. They now potentially have access “to a large number of vulnerable systems,” said Brett Callow of Canadian cybersecurity company Emsisoft.
He said that smaller companies, many of which lack the capacity or knowledge to update their software, could be particularly affected by the latest ransomware variant. “This is a potentially serious risk for small businesses,” he said.