Microsoft Corp. has detected and blocked a “new family of ransomware” that was being used against servers that still hadn’t patched vulnerabilities after last week’s major security breach.
The updates it released on Friday are a temporary measure to defend against attacks, which were already occurring in many places, the company said.
The company discovered suspected Chinese state-sponsored hackers were exploiting previously unknown vulnerabilities in Microsoft’s widely used Exchange business email software earlier in March. Even as it issued a patch for those systems, hackers rushed to find companies that had yet to install Microsoft’s fix.
Hackers are using the weaknesses introduced in the original attacks, including secret entry points inserted in victims’ systems, to gain access. Governments have been hounding businesses to install the patches — the Australian government has issued at least three warnings in nine days — and Microsoft has warned organizations to take urgent action to forestall damage.
This latest update “means that Microsoft is concerned that people haven’t patched,” said Robert Potter, a cybersecurity expert based in Canberra, Australia. “If you’ve already been hit there’s very little you can do. You better hope your backups work, because you’re not going to get decrypted.”