Hackers target Microsoft SQL servers in Mimic ransomware attacks
January 2024
A group of financially motivated Turkish hackers targets Microsoft SQL servers worldwide to encrypt the victims' files with Mimic ransomware.
"The timeline for the events was about one month from initial access to the deployment of MIMIC ransomware on the victim domain."
"Mimic will drop the Everything binaries used to aid the encryption process. The Mimic dropper in our case 'red25.exe,' dropped all of the necessary files in order for the main ransomware payload to complete its objectives," Securonix said.
Last year, Securonix exposed another campaign that targeted MSSQL servers using the same brute-force initial access vector and deployed FreeWorld ransomware.