Hackers are targeting exposed MS SQL servers with Mimic ransomware

Hackers are brute-forcing exposed MS SQL database servers to deliver Mimic ransomware, Securonix researchers are warning.
Mimic ransomware was first spotted in the wild in June 2022 and analyzed by Trend Micro researchers in January 2023.
"From our analysis, some parts of the code seemed to be based on, and share several similarities with the Conti ransomware builder that was leaked in March 2022. For example, the enumeration of the encryption modes shares the same integer for both Mimic and Conti," Trend Micro researchers said, and noted that Mimic targets Russian and English-speaking users.
"The timeline for the events was about one month from initial access to the deployment of Mimic ransomware on the victim domain," Securonix researchers noted.
This latest campaign is very similar to the one Securonix researchers spotted last year, which also targeted MS SQL servers and delivered a variant of the Mimic ransomware.
In another campaign documented by researchers in early 2020, attackers leveraged poorly secured MS SQL servers to install Vollar and Monero cryptocurrency miners.
News URL
https://www.helpnetsecurity.com/2024/01/10/ms-sql-mimic-ransomware/