The disclosure, made on Twitter by security programme manager Phillip Misner, is the realisation of worries that have been coursing through the security community for days.
Since March 2, when Microsoft announced the discovery of serious vulnerabilities in its Exchange software, experts have warned that it was only a matter of time before ransomware gangs began using them to shake down organisations across the internet.
The weird thing is that despite the threat, Vole has issued a patch and yet for some reason company networks are not getting updated.
The fixes are free, but experts attribute the sluggish pace of many customers’ updates in part to the complexity of Exchange’s architecture.
All manner of hackers have begun taking advantage of the holes - one security firm recently counted 10 separate hacking groups using the flaws - but ransomware operators are among the most feared.