Security News > 2023 > April > Microsoft SQL servers hacked to deploy Trigona ransomware
Attackers are hacking into poorly secured and Internet-exposed Microsoft SQL servers to deploy Trigona ransomware payloads and encrypt all files.
Exe service, which they use to launch the Trigona ransomware as svchost.
First spotted in October 2022 by MalwareHunterTeam and analyzed by BleepingComputer, the Trigona ransomware operation is known for only accepting ransom payments in Monero cryptocurrency from victims worldwide.
Trigona encrypts all files on victims' devices except those in specific folders, including the Windows and Program Files directories.
The ransomware renames encrypted files by adding the.
The Trigona ransomware gang has been behind a constant stream of attacks, with at least 190 submissions to the ID Ransomware platform since the start of the year.