Security News > 2022 > September > Microsoft SQL servers hacked in TargetCompany ransomware attacks
Vulnerable Microsoft SQL servers are being targeted in a new wave of attacks with FARGO ransomware, security researchers are warning.
BleepingComputer has reported similar attacks in February, dropping Cobalt Strike beacons, and in July when threat actors hijacked vulnerable MS-SQL servers to steal bandwidth for proxy services.
Security researchers at AhnLab Security Emergency Response Center say that FARGO is one of the most prominent ransomware strains that focus on MS-SQL servers, along with GlobeImposter.
Statistical data about ransomware attacks on the ID Ransomware platform indicate that the FARGO family of file-encrypting malware is quite active.
The researchers note that the ransomware infection starts with the MS-SQL process on the compromised machine downloading a.NET file using cmd.
The FARGO ransomware strain excludes some software and directories from encryption to prevent the attacked system from becoming completely unusable.
News URL
Related news
- Hitachi Vantara takes servers offline after Akira ransomware attack (source)
- US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- RedCurl cyberspies create ransomware to encrypt Hyper-V servers (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)
- Texas State Bar warns of data breach after INC ransomware claims attack (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)