Microsoft SQL servers targeted in ransomware attacks
MS-SQL servers with weak protection being targeted
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
An ongoing campaign is looking to distribute the FARGOransomwareto as manyMicrosoftSQL servers as possible, experts have found.
According to cybersecurity researchers at AhnLab Security Emergency Response Center (ASEC), threat actors are picking up pace, looking for unprotected MS-SQL servers, or those protected by weak and easily crackedpasswords.
The attackers are engaged in brute-force and dictionary attacks, the researchers further explain, meaning that once they set their sights on specific servers, they’ll try as many password combinations as possible, until one sticks.
Leaks on Telegram
Endpointswith weak passwords can be accessed that way, and once they access the servers, the attackers would encrypt the files and give them a .Fargo3 extension, and place a ransom note titled RECOVERY FILES.txt.
The ransomware skips a couple of Windows system directories while encrypting, including boot files, Tor Browser, Internet Explorer, user customization and settings, the debug log file, and the thumbnail database. In the ransom note, the attackers threaten to release the stolen files on their Telegram channel, unless their demands are met.
Microsoft SQL servers host data used by various internet services and apps, making them pivotal to the day-to-day operations of many organizations. As such, they’re a major target for various cybercriminals looking to deploymalwareand steal sensitive data.
So far this year,TechRadar Prohas reported twice on crooks attacking MS-SQL servers, once in April, and once in May. In April, a threat actor was spotted dropping Cobalt Strike beacons on vulnerable servers, while in May, crooks were observed brute-force attacking the endpoints.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Microsoft SQL servers hit by Cobalt Strike attacks>Brute-force attacks targeting MSSQL servers, Microsoft warns>These are the best antivirus tools right now
“The attackers achieve fileless persistence by spawning the sqlps.exe utility, a PowerShell wrapper for running SQL-built cmdlets, to run recon commands and change the start mode of the SQL service to LocalSystem,” the Microsoft Security Intelligence team revealed at the time.
This attack,BleepingComputerclaims, is “more catastrophic”, as it aims for a quicker profit through blackmail.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats
