{"id":6824,"date":"2021-04-08T16:40:08","date_gmt":"2021-04-08T15:40:08","guid":{"rendered":"https:\/\/www.n-able.com\/?p=6824"},"modified":"2023-07-17T20:54:56","modified_gmt":"2023-07-17T19:54:56","slug":"dearcry-ransomware-review","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review","title":{"rendered":"DearCry Ransomware Review"},"content":{"rendered":"

Following the discovery of the ProxyLogon Exchange vulnerabilities,\u00a0Microsoft Security Intelligence<\/a>\u00a0has identified another campaign targeting unpatched Exchange Servers\u2014this time to deliver DearCry ransomware. Of unique note here is that these DearCry attacks are \u201chuman powered<\/a>,\u201d which means they rely on attackers at keyboards executing commands rather than an automated attack.<\/p>\n

As it continues to support users with mitigation efforts against ProxyLogon, Microsoft has also released a new script-based tool you can\u00a0download here<\/a>. The tool will mitigate against current known attacks that use\u00a0CVE-2021-26855<\/a>, which is the first link in the ProxyLogon attacks. It will also run the MSERT tool and attempt to reverse any changes made by identified threats. You can read more about the tool and how to download here:\u00a0Information on One-Click Microsoft Exchange On-Premises Mitigation Tool<\/a>.<\/p>\n

It can get a little confusing when talking about vulnerabilities and cybersecurity in general if everyone is not communicating with the same technical language. There are words that are common to everyone\u2019s lexicon\u2014like patching, antivirus, or vulnerability\u2014but these words don\u2019t carry the same meaning to everyone. A quick discussion about vulnerabilities versus damage done by exploiting those vulnerabilities can help get everyone on the same page.<\/p>\n

Vulnerabilities<\/a>\u00a0are weaknesses in a system that can cause the system to behave in undesirable ways. In information technology this typically refers to anything a threat source can trigger or exploit that would compromise the confidentiality, integrity, or availability of an information system. Vulnerabilities aren’t always what cause damage. Rather, they are what allows something else to do the damage.<\/p>\n

The ProxyLogon attacks string together multiple vulnerabilities that by themselves don\u2019t do any real damage. They compromise the integrity of the target system, but otherwise cause no harm by themselves. It\u2019s what an attacker does after leveraging the vulnerabilities that can cause damage. The original Hafnium campaign was playing a long game. The attackers wanted to stay undetected and likely focused on pilfering intellectual property and other intelligence. In contrast, newer attacks leveraging ProxyLogon are being used to deliver ransomware and other destructive attacks. It\u2019s not the vulnerabilities so much as the payload being delivered by attackers that is of concern.<\/p>\n

The good news is that while the ProxyLogon vulnerabilities started out as being unpreventable, good security practices can help mitigate the scope and scale of damage done by payloads delivered by ProxyLogon. A layered approach to security is key to help protect against these types of attacks.<\/p>\n

 <\/p>\n

Lewis Pope is Head N‑sight RMM Nerd for N‑able you can follow him on Twitter at\u00a0@cybersec_nerd<\/a>.\u00a0<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

Following the discovery of the ProxyLogon Exchange vulnerabilities, Lewis Pope looks at what this means for MSP and their customers.<\/p>\n","protected":false},"author":62,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-6824","post","type-post","status-publish","format-standard","hentry","topic-head-nerds","topic-security"],"acf":[],"yoast_head":"\nDearCry Ransomware Review - N-able<\/title>\n<meta name=\"description\" content=\"Following the discovery of the ProxyLogon Exchange vulnerabilities, find out what what this means for MSP and their customers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review\" \/>\n<meta property=\"og:locale\" content=\"es_ES\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DearCry Ransomware Review - N-able\" \/>\n<meta property=\"og:description\" content=\"Following the discovery of the ProxyLogon Exchange vulnerabilities, find out what what this means for MSP and their customers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-08T15:40:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-17T19:54:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Lewis Pope\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lewis Pope\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tiempo de lectura\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review\"},\"author\":{\"name\":\"Lewis Pope\",\"@id\":\"https:\/\/www.n-able.com\/es#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\"},\"headline\":\"DearCry Ransomware Review\",\"datePublished\":\"2021-04-08T16:40:08+01:00\",\"dateModified\":\"2023-07-17T19:54:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review\"},\"wordCount\":437,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/es#organization\"},\"articleSection\":[\"Head Nerds\",\"Security\"],\"inLanguage\":\"es\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review\",\"url\":\"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review\",\"name\":\"DearCry Ransomware Review - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/es#website\"},\"datePublished\":\"2021-04-08T16:40:08+01:00\",\"dateModified\":\"2023-07-17T19:54:56+00:00\",\"description\":\"Following the discovery of the ProxyLogon Exchange vulnerabilities, find out what what this means for MSP and their customers.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review#breadcrumb\"},\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security\",\"item\":\"https:\/\/www.n-able.com\/es\/blog\/category\/security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DearCry Ransomware Review\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/es#website\",\"url\":\"https:\/\/www.n-able.com\/es\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/es#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/es?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/es#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/es\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/www.n-able.com\/es#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/es#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/es#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\",\"name\":\"Lewis Pope\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"caption\":\"Lewis Pope\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"DearCry Ransomware Review - N-able","description":"Following the discovery of the ProxyLogon Exchange vulnerabilities, find out what what this means for MSP and their customers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review","og_locale":"es_ES","og_type":"article","og_title":"DearCry Ransomware Review - N-able","og_description":"Following the discovery of the ProxyLogon Exchange vulnerabilities, find out what what this means for MSP and their customers.","og_url":"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2021-04-08T15:40:08+00:00","article_modified_time":"2023-07-17T19:54:56+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg","type":"image\/jpeg"}],"author":"Lewis Pope","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Escrito por":"Lewis Pope","Tiempo de lectura":"2 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review"},"author":{"name":"Lewis Pope","@id":"https:\/\/www.n-able.com\/es#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae"},"headline":"DearCry Ransomware Review","datePublished":"2021-04-08T16:40:08+01:00","dateModified":"2023-07-17T19:54:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review"},"wordCount":437,"publisher":{"@id":"https:\/\/www.n-able.com\/es#organization"},"articleSection":["Head Nerds","Security"],"inLanguage":"es"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review","url":"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review","name":"DearCry Ransomware Review - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/es#website"},"datePublished":"2021-04-08T16:40:08+01:00","dateModified":"2023-07-17T19:54:56+00:00","description":"Following the discovery of the ProxyLogon Exchange vulnerabilities, find out what what this means for MSP and their customers.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/es\/blog\/dearcry-ransomware-review#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/es\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"DearCry Ransomware Review"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/es#website","url":"https:\/\/www.n-able.com\/es","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/es#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/es?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/es#organization","name":"N-able","url":"https:\/\/www.n-able.com\/es","logo":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/www.n-able.com\/es#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/es#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/es#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae","name":"Lewis Pope","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","caption":"Lewis Pope"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/posts\/6824","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/comments?post=6824"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/posts\/6824\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/media?parent=6824"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}