 "Microsoft says ransom-seeking hackers taking advantage of server flaws")
Ransom-seeking hackers have begun taking advantage of a recently disclosed flaw in Microsoft's widely used mail server software, the company said early Thursday - a serious escalation that could portend widespread digital disruption.
The disclosure, initially made on Twitter by Microsoft Corp security program manager Phillip Misner and later confirmed by the Redmond, Washington-based company, is the realization of worries that have been coursing through the security community for days.
Since March 2, when Microsoft announced the discovery of serious vulnerabilities in its Exchange software, experts have warned that it was only a matter of time before ransomware gangs began using them to shake down organizations across the internet.
Misner didn't immediately respond to follow-up messages and Microsoft did not return emails seeking further comment. The U.S. Cybersecurity and Infrastructure Security Agency and the FBI also didn't immediately respond.
Even though the security holes announced by Microsoft have since been fixed, organizations worldwide have failed to patch their software, leaving them open to exploitation. Experts attribute the sluggish pace of many customers' updates in part to the complexity of Exchange's architecture and lack of expertise. In Germany alone, officials have said that up to 60,000 networks remained vulnerable.
All manner of hackers have begun taking advantage of the holes - one security firm recently counted 10 separate hacking groups using the flaws - but ransomware operators are among the most feared.
Those groups work by locking users out of their devices and data unless the victims cough up big chunks of digital currency.
They now potentially have access "into a huge number of vulnerable systems," said Brett Callow of cybersecurity company Emsisoft.
He said more modest companies - many of which lack the ability or awareness to update their software - could be particularly affected by the latest variant of ransomware.
"This is a potentially serious risk to small businesses," he said.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%