DearCry Ransomware or as Microsoft debut it as DoejoCrypt Ransomware is targeting new zero-day ProxyLogon vulnerabilities in Microsoft Exchange servers. It uses AES-256 to encrypt the files and the RSA-2048 public key to encrypt the AES key. A ransom of $16,000 is demanded for decryption key. The ransomware will also prepends the 'DEARCRY!' string to the beginning of each encrypted file.
.CRYPT extension is added to encrypted files.
Update : BlackKingdom Ransomware is also exploiting ProxyLogon for ransom.
DearCry Ransomware Signatures
Family: Ransom:Win32/DoejoCrypt.A
MD5: 0e55ead3b8fd305d9a54f78c7b56741a
SHA256: 2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff
DearCry Ransomware Download
