Security News > 2022 > September > Microsoft SQL servers hacked in TargetCompany ransomware attacks
Vulnerable Microsoft SQL servers are being targeted in a new wave of attacks with FARGO ransomware, security researchers are warning.
BleepingComputer has reported similar attacks in February, dropping Cobalt Strike beacons, and in July when threat actors hijacked vulnerable MS-SQL servers to steal bandwidth for proxy services.
Security researchers at AhnLab Security Emergency Response Center say that FARGO is one of the most prominent ransomware strains that focus on MS-SQL servers, along with GlobeImposter.
Statistical data about ransomware attacks on the ID Ransomware platform indicate that the FARGO family of file-encrypting malware is quite active.
The researchers note that the ransomware infection starts with the MS-SQL process on the compromised machine downloading a.NET file using cmd.
The FARGO ransomware strain excludes some software and directories from encryption to prevent the attacked system from becoming completely unusable.
News URL
Related news
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)