Security News > 2023 > April > Microsoft SQL servers hacked to deploy Trigona ransomware
Attackers are hacking into poorly secured and Interned-exposed Microsoft SQL servers to deploy Trigona ransomware payloads and encrypt all files.
Exe service, which they use to launch the Trigona ransomware as svchost.
First spotted in October 2022 by MalwareHunterTeam and analyzed by BleepingComputer, the Trigona ransomware operation is known for only accepting ransom payments in Monero cryptocurrency from victims worldwide.
Trigona encrypts all files on victims' devices except those in specific folders, including the Windows and Program Files directories.
The ransomware renames encrypted files by adding the.
The Trigona ransomware gang has been behind a constant stream of attacks, with at least 190 submissions to the ID Ransomware platform since the start of the year.
News URL
Related news
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Microsoft says more ransomware stopped before reaching encryption (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)