SQL Server admins warned about Fargo ransomware

2022-09-26 16:00

Organizations are being warned about a wave of attacks targeting Microsoft SQL Server with ransomware known as Fargo, which encrypts files and threatens victims that their data may be published online if they do not pay up.

The warning comes in a blog posting from analysts at the AhnLab Security Emergency Response Center, which says that Fargo is one of the most prominent ransomware strains targeting vulnerable SQL Server instances, and was previously also known as Mallox because it used the file extension.

According to ASEC, a Fargo attack starts with the SQL Server process on a compromised machine being used to download a.net file via the cmd.

Exe, which then attempts to delete the registry key for Raccine, an open source tool designed to provide some protection against ransomware attacks.

How are the attackers getting access to SQL Server instances to deploy the ransomware in the first place? According to ASEC, this will typically take the form of brute force attacks and dictionary attacks on systems where account credentials are being poorly managed.

The ASEC blog offers the advice that SQL Server admins should use strong passwords that are difficult to guess for their accounts, and change them periodically to protect the database server from brute force attacks and dictionary attacks, which any IT pro worth their name will have been doing already.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/09/26/sql_server_fargo_ransomware/

#ransomware #server #SQL #sqlserver

News URL

Related news