Hackers are targeting exposed MS SQL servers with Mimic ransomware
Hackers are brute-forcing exposed MS SQL database servers to deliver Mimic ransomware, Securonix researchers are warning.
Mimic ransomware was first spotted in the wild in June 2022 and analyzed by Trend Micro researchers in January 2023.
"From our analysis, some parts of the code seemed to be based on, and share several similarities with the Conti ransomware builder that was leaked in March 2022. For example, the enumeration of the encryption modes shares the same integer for both Mimic and Conti," Trend Micro researchers said, and noted that Mimic targets Russian- and English-speaking users.
"The timeline for the events was about one month from initial access to the deployment of Mimic ransomware on the victim domain," Securonix researchers noted.
This latest campaign is very similar to the one Securonix researchers spotted last year, which also targeted MS SQL servers and delivered a variant of the Mimic ransomware.
In another campaign documented by researchers in early 2020, attackers leveraged poorly secured MS SQL servers to install Vollar and Monero cryptocurrency miners.
News URL
https://www.helpnetsecurity.com/2024/01/10/ms-sql-mimic-ransomware/