Security News > 2024 > January > Hackers target Microsoft SQL servers in Mimic ransomware attacks

A group of financially motivated Turkish hackers targets Microsoft SQL servers worldwide to encrypt the victims' files with Mimic ransomware.
"The timeline for the events was about one month from initial access to the deployment of MIMIC ransomware on the victim domain."
"Mimic will drop the Everything binaries used to aid the encryption process. The Mimic dropper in our case 'red25.exe,' dropped all of the necessary files in order for the main ransomware payload to complete its objectives," Securonix said.
Securonix exposed another campaign targeting MSSQL servers last year using the same brute force initial access attack vector and deploying FreeWorld ransomware.
New Mimic ransomware abuses 'Everything' Windows search tool.
Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach.
News URL
Related news
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Hunters International ransomware claims attack on Tata Technologies (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Toronto Zoo shares update on last year's ransomware attack (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)