
SentinelOne VS DearCry Ransomware (Exploits Microsoft Hafnium Exchange Vulnerabilities) Protect Mode

Watch how SentinelOne protects against DearCry, a new ransomware that exploits the Microsoft Exchange (Hafnium) vulnerabilities. For more details on Hafnium: https://lnkd.in/gUSDW_j

DearCry is a new ransomware that exploits the Microsoft Exchange vulnerabilities known as Hafnium. The ransomware appears to have been deposited via webshell access on the targeted servers; the delivery mechanisms likely extend beyond that, however. See how SentinelOne protects.

DearCry creates a Windows service (“msupdate”) which handles the bulk of the encryption duties. A hard-coded list of extensions to queue for encryption is included, and most common file types are covered by that list. After encryption, affected files have their extension changed to “.CRYPT”. Encryption is fairly straightforward: files are encrypted with AES-256, and the AES key is in turn encrypted with RSA-2048. The ransomware attempts to enumerate all logical, accessible drives for encryptable data. Victims are instructed to contact the attacker via email, with two addresses provided in the ransom note.
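As an added example (not part of the original post and not SentinelOne code), the Python script below hunts for the two host-observable behaviours described above: installation of the “msupdate” service and a burst of files renamed to “.CRYPT”. The key=value log format, the host names, the image paths, the `file_rename` event type and the burst threshold are all assumptions constructed for this example; the only real identifier is Windows System log event ID 7045 (“a service was installed in the system”).

```python
import re
from dataclasses import dataclass
from typing import Iterable

# Indicators taken from the description above.
SUSPECT_SERVICE_NAMES = {"msupdate"}
RANSOM_EXTENSION = ".crypt"      # compared case-insensitively
RENAME_BURST_THRESHOLD = 5       # assumed: flag a host once it reaches this many renames

# Constructed sample telemetry in a simplified key=value format. This is not
# real Windows or SentinelOne output; event 7045 is the real Windows System
# log "service installed" event, "file_rename" is a made-up event type.
SAMPLE_LOGS = [
    'ts=2021-03-11T09:00:01 host=EXCH01 event=7045 service_name=msupdate image="C:\\Windows\\Temp\\svc.exe"',
    'ts=2021-03-11T09:00:02 host=EXCH01 event=7045 service_name=WinDefend image="C:\\Program Files\\Windows Defender\\MsMpEng.exe"',
    'ts=2021-03-11T09:00:05 host=EXCH01 event=file_rename old="D:\\share\\q1.docx" new="D:\\share\\q1.docx.CRYPT"',
    'ts=2021-03-11T09:00:05 host=EXCH01 event=file_rename old="D:\\share\\q2.xlsx" new="D:\\share\\q2.xlsx.CRYPT"',
    'ts=2021-03-11T09:00:06 host=EXCH01 event=file_rename old="D:\\share\\q3.pdf" new="D:\\share\\q3.pdf.CRYPT"',
    'ts=2021-03-11T09:00:06 host=EXCH01 event=file_rename old="D:\\share\\q4.pptx" new="D:\\share\\q4.pptx.CRYPT"',
    'ts=2021-03-11T09:00:07 host=EXCH01 event=file_rename old="D:\\share\\q5.jpg" new="D:\\share\\q5.jpg.CRYPT"',
    'ts=2021-03-11T09:01:00 host=FS01 event=file_rename old="E:\\tmp\\draft.txt" new="E:\\tmp\\final.txt"',
]

# key=value pairs; a quoted value may contain spaces and backslashes.
LINE_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


@dataclass
class Finding:
    host: str
    kind: str
    detail: str


def parse_line(line: str) -> dict:
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, value in LINE_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields


def hunt(lines: Iterable[str]) -> list:
    """Return findings for suspicious service installs and .CRYPT rename bursts."""
    findings = []
    renames_per_host = {}
    for line in lines:
        f = parse_line(line)
        host = f.get("host", "unknown")
        event = f.get("event")
        # Behaviour 1: a service with the name used by DearCry gets installed.
        if event == "7045" and f.get("service_name", "").lower() in SUSPECT_SERVICE_NAMES:
            findings.append(Finding(host, "suspicious_service",
                                    f"service {f['service_name']} installed from {f.get('image', '?')}"))
        # Behaviour 2: files being renamed to the ransomware's extension.
        elif event == "file_rename" and f.get("new", "").lower().endswith(RANSOM_EXTENSION):
            renames_per_host[host] = renames_per_host.get(host, 0) + 1
    # A single rename is noise; a burst on one host is worth an alert.
    for host, count in renames_per_host.items():
        if count >= RENAME_BURST_THRESHOLD:
            findings.append(Finding(host, "ransom_extension_burst",
                                    f"{count} files renamed to *{RANSOM_EXTENSION}"))
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOGS):
        print(f"[{finding.kind}] {finding.host}: {finding.detail}")
```

Run against the constructed sample it flags EXCH01 twice (the service install and the five renames) and stays quiet on FS01, whose single rename to an ordinary extension is below the threshold. In a real deployment the same two checks would be expressed as an EDR or SIEM rule over service-installation and file-rename telemetry rather than over a text log.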

