Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware

Threat actors are exploiting poorly secured Microsoft SQL servers to deliver Cobalt Strike and a ransomware strain called FreeWorld.
"The ransomware payload of choice appears to be a newer variant of Mimic ransomware called FreeWorld."
Rhysida is one of the nascent ransomware strains that emerged in May 2023, adopting the increasingly popular tactic of encrypting and exfiltrating sensitive data from organizations and threatening to leak the information if the victims refuse to pay.
"Key Group ransomware uses a base64 encoded static key N0dQM0I1JCM= to encrypt victims' data," Dutch cybersecurity company EclecticIQ said in a report released Thursday.
2023 has witnessed a record surge in ransomware attacks following a lull in 2022, even as the percentage of incidents that resulted in the victim paying has fallen to a record low of 34%, according to statistics shared by Coveware in July 2023.
The fluctuations in monetization rates have been accompanied by ransomware threat actors continuing to evolve their extortion tradecraft, including sharing details of their attack techniques to show why their victims aren't eligible for a cyber insurance payout.
News URL
https://thehackernews.com/2023/09/threat-actors-targeting-microsoft-sql.html