dearcry (Malware Family)

dearcry

aka: DoejoCrypt

According to PCrisk, DearCry ransomware has been observed infecting systems via ProxyLogon vulnerabilities of Microsoft Exchange servers - mail and calendaring servers developed by Microsoft. While a patch has been released addressing these vulnerabilities, thousands of Microsoft Exchange servers remained unpatched at the time of research.

References

2022-03-17 ⋅ Sophos ⋅ Tilly Travers
The Ransomware Threat Intelligence Center
ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker

2021-06-30 ⋅ Advanced Intelligence ⋅ AdvIntel Security & Development Team, Brandon Rudisel, Yelisey Boguslavskiy
Ransomware-&-CVE: Industry Insights Into Exclusive High-Value Target Adversarial Datasets
BlackKingdom Ransomware Clop dearcry Hades REvil

2021-04-12 ⋅ CISA ⋅ US-CERT
Analysis Report (AR21-102B): DearCry Ransomware
dearcry

2021-03-25 ⋅ LIFARS ⋅ LIFARS
DearCry Ransomware Malware Analysis and Reverse Engineering
dearcry

2021-03-19 ⋅ YouTube (LIFARS LLC) ⋅ LIFARS
DearCry Ransomware
dearcry

2021-03-15 ⋅ Sophos Labs ⋅ Mark Loman
DearCry ransomware attacks exploit Exchange server vulnerabilities
dearcry WannaCryptor

2021-03-13 ⋅ YouTube (0xc7a) ⋅ Twitter (@CatWithoutAHat7)
DearCry Ransomware - A quick look 0x00
dearcry

2021-03-13 ⋅ YouTube (0xc7a) ⋅ Twitter (@CatWithoutAHat7)
DearCry Ransomware - A quick look 0x02
dearcry

2021-03-13 ⋅ YouTube (0xc7a) ⋅ 0xca7, Twitter (@CatWithoutAHat7)
DearCry Ransomware - A quick look 0x01
dearcry

There is no Yara-Signature yet.

dearcry Propose Change

References

dearcry