Security News > 2024 > January > Hackers are targeting exposed MS SQL servers with Mimic ransomware
Hackers are brute-forcing exposed MS SQL database servers to deliver Mimic ransomware, Securonix researchers are warning.
Mimic ransomware was first spotted in the wild in June 2022 and analyzed by Trend Micro researchers in January 2023.
"From our analysis, some parts of the code seemed to be based on, and share several similarities with the Conti ransomware builder that was leaked in March 2022. For example, the enumeration of the encryption modes shares the same integer for both Mimic and Conti," Trend Micro researchers said, and noted that MIMIC targets Russian and English-speaking users.
"The timeline for the events was about one month from initial access to the deployment of Mimic ransomware on the victim domain," Securonix researchers noted.
This latest campaign is very similar to the one Securonix researchers spotted last year, in which also targeted MS SQL servers and delivered a variant of the Mimic ransomware.
In another campaign documented by researchers in early 2020, attackers leveraged poorly secured MS SQL servers to install Vollar and Monero cryptocurrency miners.
News URL
https://www.helpnetsecurity.com/2024/01/10/ms-sql-mimic-ransomware/
Related news
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- RedCurl cyberspies create ransomware to encrypt Hyper-V servers (source)