As an update to our March 8th and March 9th blog posts on this subject, please note that both the scope and severity of the attacks on MS Exchange servers have reportedly been underestimated. The list of 30,000 victim organizations has grown significantly, with many victims compromised by several hacking groups. Exchange servers that were patched on the same day that Microsoft released patches may already have been seeded with malware. The supplemental guidance being offered is to immediately back up any data stored on these servers and to be sure to have one backup that is saved completely offline, as ransomware is viewed as an inevitable occurrence.
Resources:
- Krebs on Security (03/09/21), Warning the World of a Ticking Time Bomb
- FBI & CISA (03/10/21), Joint Cybersecurity Advisory