Microsoft detects, blocks new wave of security threats

Microsoft has detected and blocked another wave of security threats attacking still-vulnerable servers. (Photo by John Smith/VIEWpress) (VIEW press via Getty Images)

Microsoft (NASDAQ: MSFT) has detected and blocked a “new family of ransomware” that was being used against servers that still hadn’t patched vulnerabilities after last week’s major security breach.

The updates it released on Friday are a temporary measure to defend against attacks, which were already occurring in many places, the company said.

The company discovered suspected Chinese state-sponsored hackers were exploiting previously unknown vulnerabilities in Microsoft’s widely used Exchange business email software earlier in March.

• Read now: Microsoft email servers attacked by Chinese hackers

Even as it issued a patch for those systems, hackers rushed to find companies that had yet to install Microsoft’s fix.

BitSight Technologies, a Boston-based cybersecurity firm, said that based on internet-wide scans it had done this week nearly one-third of vulnerable Microsoft Exchange customers have yet to patch their systems.

Those customers would are now also vulnerable to the new ransomware attacks until those patches are installed.

WATCH ABOVE: White House describes Microsoft cyber hack as 'significant'

Hackers are using the weaknesses introduced in the original attacks, including secret entry points inserted in victims’ systems, to gain access.

Governments have been hounding businesses to install the patches — the Australian government has issued at least three warnings in nine days — and Microsoft has warned organisations to take urgent action to forestall damage.

This latest update “means that Microsoft is concerned that people haven’t patched,” said Robert Potter, a cybersecurity expert based in Canberra, Australia.

“If you’ve already been hit there’s very little you can do. You better hope your backups work, because you’re not going to get decrypted.”

Ransomware targets so far have been small to medium-sized organisations victimised by hackers using relatively simple malware dubbed DOJOCRYPT or DearCry, said Kimberly Goody, senior manager of cybercrime analysis at Mandiant Threat Intelligence. Small companies are less likely to have dedicated IT staff to install patches immediately.

The network monitoring firm RiskIQ, working closely with Microsoft, says the number of vulnerable Exchange servers has plummeted in the last 10 days, from hundreds of thousands down to about 83,000.

But their data analysis also shows that networks for banks, health care and pharmaceutical institutions remain vulnerable, as do systems for federal, state and local governments.

“If SolarWinds was a tactical missile strike, this one was a nuclear bomb,” said Elias Manousos, CEO and founder of RiskIQ. “Attackers are just trying to create as much chaos as possible.”

—with Bloomberg

Follow Yahoo Finance on Facebook, LinkedIn, Instagram and Twitter, and subscribe to the free Fully Briefed daily newsletter.