WASHINGTON (Reuters) – Ransom-seeking hackers began exploiting a bug recently unveiled in Microsoft’s widely used email server software, the company said early Thursday – a serious escalation that is spreading the widespread digital disruption can predict.
The revelation, initially made on Twitter by Microsoft Corps security program manager Phillip Misner and later confirmed by the company in Redmond, Washington, is the realization of concerns that have been running through the security community for days.
Since March 2, when Microsoft announced the discovery of serious vulnerabilities in its Exchange software, experts have warned that it was only a matter of time before ransomware gangs would use it to shake off organizations on the Internet.
Misner did not immediately respond to follow-up messages and Microsoft did not return emails for further comment. The US Security and Infrastructure Agency and the FBI did not immediately respond.
Although the security holes that Microsoft has since announced have been fixed, organizations worldwide have failed to upload their software, leaving them open to exploitation. Experts attribute the sluggish pace of updating to many customers, in part to the complexity of Exchange’s architecture and lack of expertise. In Germany alone, officials said up to 60,000 networks remain vulnerable.
All sorts of hackers have started using the holes – one security firm recently counted ten separate hack groups using the flaws – but ransomware operators are one of the most feared.
These groups work by locking users from their devices and data unless the victims cough up large chunks of digital currency. They may now have access to a large number of vulnerable systems, ‘said Brett Callow of cybersecurity company Emsisoft.
He said that modest businesses, many of which do not have the ability or awareness to update their software, can be particularly affected by the latest variant of ransomware.
“This is a potentially serious risk for small businesses,” he said.
Reporting by Raphael Satter; edited by Gerry Doyle and Jonathan Oatis