Security News > 2023 > April > Microsoft SQL servers hacked to deploy Trigona ransomware
Attackers are hacking into poorly secured and Interned-exposed Microsoft SQL servers to deploy Trigona ransomware payloads and encrypt all files.
Exe service, which they use to launch the Trigona ransomware as svchost.
First spotted in October 2022 by MalwareHunterTeam and analyzed by BleepingComputer, the Trigona ransomware operation is known for only accepting ransom payments in Monero cryptocurrency from victims worldwide.
Trigona encrypts all files on victims' devices except those in specific folders, including the Windows and Program Files directories.
The ransomware renames encrypted files by adding the.
The Trigona ransomware gang has been behind a constant stream of attacks, with at least 190 submissions to the ID Ransomware platform since the start of the year.
News URL
Related news
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- RedCurl cyberspies create ransomware to encrypt Hyper-V servers (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Oracle says "obsolete servers" hacked, denies cloud breach (source)
- Microsoft: Windows Server 2025 restarts break connectivity on some DCs (source)