DearCry Ransomware, or DoejoCrypt Ransomware as Microsoft named it, is targeting the new zero-day ProxyLogon vulnerabilities in Microsoft Exchange servers. It uses AES-256 to encrypt files and an RSA-2048 public key to encrypt the AES key. A ransom of $16,000 is demanded for the decryption key. The ransomware also prepends the 'DEARCRY!' string to the beginning of each encrypted file, and the .CRYPT extension is added to encrypted files.
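An added example (not part of the original page): a triage script for responders that flags files carrying the two on-disk DearCry indicators described above, the 'DEARCRY!' header and the .CRYPT extension. The function names, verdict labels and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

MARKER = b"DEARCRY!"   # header string the page says is prepended to each encrypted file
EXTENSION = ".crypt"   # extension the page says is added (compared case-insensitively)


def classify(path):
    """Return 'marker+ext', 'marker-only', 'ext-only' or None for one file."""
    has_ext = path.lower().endswith(EXTENSION)
    try:
        with open(path, "rb") as fh:
            has_marker = fh.read(len(MARKER)) == MARKER
    except OSError:  # unreadable (locked, permissions): judge by name only
        has_marker = False
    if has_marker:
        return "marker+ext" if has_ext else "marker-only"
    return "ext-only" if has_ext else None


def scan(root):
    """Walk root and return {path: verdict} for every flagged file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict:
                hits[full] = verdict
    return hits


def build_sample_tree(root):
    """Write constructed sample files (not real ransomware output) for a dry run."""
    samples = {
        "report.docx.CRYPT": MARKER + b"\x00" * 32,    # marker and extension
        "renamed.bin": MARKER + b"\x01" * 32,          # marker, extension stripped
        "notes.crypt": b"plain text, unrelated tool",  # extension only
        "clean.txt": b"hello",                         # neither indicator
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print("\n".join(f"{v:12} {p}" for p, v in sorted(scan(tmp).items())))
```

An `ext-only` hit is weak evidence on its own, since other software also uses a `.crypt` extension; the header match is the stronger of the two indicators.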
Update: BlackKingdom Ransomware is also exploiting ProxyLogon for ransom.
DearCry Ransomware Signatures
DearCry Ransomware Download