Security News > 2022 > September > Microsoft SQL servers hacked in TargetCompany ransomware attacks
Vulnerable Microsoft SQL servers are being targeted in a new wave of attacks with FARGO ransomware, security researchers are warning.
BleepingComputer has reported similar attacks in February, dropping Cobalt Strike beacons, and in July when threat actors hijacked vulnerable MS-SQL servers to steal bandwidth for proxy services.
Security researchers at AhnLab Security Emergency Response Center say that FARGO is one of the most prominent ransomware strains that focus on MS-SQL servers, along with GlobeImposter.
Statistical data about ransomware attacks on the ID Ransomware platform indicate that the FARGO family of file-encrypting malware is quite active.
The researchers note that the ransomware infection starts with the MS-SQL process on the compromised machine downloading a.NET file using cmd.
The FARGO ransomware strain excludes some software and directories from encryption to prevent the attacked system from becoming completely unusable.
News URL
Related news
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)