
MS SQL servers are getting hacked to deliver ransomware to orgs
2022-09-27 09:18

Cybercriminals wielding the FARGO ransomware are targeting Microsoft SQL servers, AhnLab's ASEC analysis team has warned.

They haven't pinpointed how the attackers are getting access to the targeted servers, but noted that typical attacks targeting database servers include brute force and dictionary attacks aimed at ferreting out the passwords of existing, poorly secured accounts.

Microsoft SQL Server is a popular database server and management system, whose main purpose is to store data and deliver it when requested by various types of applications.

Other widely used database server solutions include MySQL, Redis, PostgreSQL, and MongoDB. MS SQL servers are often targeted and compromised by attackers with various goals in mind: to make them part of a cryptomining botnet, to turn them into proxy servers that could be exploited for more or less malicious purposes, and so on.

After the MS SQL server has been compromised, the attackers make it download a .NET file via Command Prompt and PowerShell, which in turn downloads and loads additional malware.

The ransomware encrypts some files and avoids others, including files with an extension associated with its own activities and those of GlobeImposter, another ransomware threat targeting vulnerable MS SQL servers.
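For defenders, the brute force and dictionary attacks mentioned above show up as bursts of failed logins in the SQL Server error log. The following is an added example, not part of the original article or of ASEC's analysis: a small detector over constructed sample lines written in the style of SQL Server ERRORLOG entries, with the threshold, window and all addresses and account names chosen here as assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data in the style of SQL Server ERRORLOG lines (not from the article).
_FAIL = ("{ts} Logon       Login failed for user '{user}'. Reason: Password did not "
         "match that for the login provided. [CLIENT: {ip}]")
SAMPLE_LOG = "\n".join(
    [_FAIL.format(ts="2022-09-27 08:15:00.00", user="report_svc", ip="10.0.0.15"),
     "2022-09-27 09:00:00.10 Logon       Error: 18456, Severity: 14, State: 8."]
    + [_FAIL.format(ts=f"2022-09-27 09:00:{2 * i:02d}.10", user=u, ip="203.0.113.7")
       for i, u in enumerate(["sa", "sa", "admin", "sa", "test", "sa"])]
    + [_FAIL.format(ts="2022-09-27 10:40:00.00", user="report_svc", ip="10.0.0.15")]
)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {client: {"failures": n, "users": set}} for every client that
    reaches `threshold` failed logins inside a sliding `window`."""
    recent = defaultdict(deque)   # client -> (timestamp, user) pairs still in the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip non-login lines such as the "Error: 18456" header
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["client"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:   # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            hit = flagged.setdefault(m["client"], {"failures": 0, "users": set()})
            hit["failures"] = max(hit["failures"], len(q))
            hit["users"].update(u for _, u in q)
    return flagged

if __name__ == "__main__":
    for client, hit in find_bruteforce(SAMPLE_LOG).items():
        print(client, hit["failures"], sorted(hit["users"]))
```

Several distinct account names from one client inside the window point to a dictionary attack rather than a single mistyped password; the two widely spaced failures from 10.0.0.15 stay below the threshold.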


News URL

https://www.helpnetsecurity.com/2022/09/27/ms-sql-servers-hacked-ransomware/