Security News > 2022 > September > Microsoft SQL servers hacked in TargetCompany ransomware attacks
Vulnerable Microsoft SQL servers are being targeted in a new wave of attacks with FARGO ransomware, security researchers are warning.
BleepingComputer has reported similar attacks in February, dropping Cobalt Strike beacons, and in July when threat actors hijacked vulnerable MS-SQL servers to steal bandwidth for proxy services.
Security researchers at AhnLab Security Emergency Response Center say that FARGO is one of the most prominent ransomware strains that focus on MS-SQL servers, along with GlobeImposter.
Statistical data about ransomware attacks on the ID Ransomware platform indicate that the FARGO family of file-encrypting malware is quite active.
The researchers note that the ransomware infection starts with the MS-SQL process on the compromised machine downloading a.NET file using cmd.
The FARGO ransomware strain excludes some software and directories from encryption to prevent the attacked system from becoming completely unusable.
News URL
Related news
- LockBit ransomware returns to attacks with new encryptors, servers (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks (source)
- FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks (source)
- FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks (source)
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- Ukraine claims it hacked Russian Ministry of Defense servers (source)
- BlackCat ransomware turns off servers amid claim they stole $22 million ransom (source)
- Fidelity customers' financial info feared stolen in suspected ransomware attack (source)
- Fidelity customers' financial info feared stolen in suspected ransomware attack (source)