DearCry

In March 2021, Microsoft released patches for four critical vulnerabilities in Microsoft Exchange servers. These vulnerabilities have been actively exploited in various attack campaigns. DearCry is a ransomware variant designed to exploit these vulnerable Microsoft Exchange servers. The malware enumerates drives to identify all storage media accessible from an infected machine. On each of these drives, DearCry encrypts certain file types (selected by file extension) using AES and RSA-2048. Once the encryption is complete, DearCry displays a ransom note asking users to email the ransomware operators to learn how to decrypt their machines.