Security News > 2024 > January > Hackers target Microsoft SQL servers in Mimic ransomware attacks
A group of financially motivated Turkish hackers targets Microsoft SQL servers worldwide to encrypt the victims' files with Mimic ransomware.
"The timeline for the events was about one month from initial access to the deployment of MIMIC ransomware on the victim domain."
"Mimic will drop the Everything binaries used to aid the encryption process. The Mimic dropper in our case 'red25.exe,' dropped all of the necessary files in order for the main ransomware payload to complete its objectives," Securonix said.
Securonix exposed another campaign targeting MSSQL servers last year using the same brute force initial access attack vector and deploying FreeWorld ransomware.
New Mimic ransomware abuses 'Everything' Windows search tool.
Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach.
News URL
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)