Security News > 2024 > January > Hackers are targeting exposed MS SQL servers with Mimic ransomware
Hackers are brute-forcing exposed MS SQL database servers to deliver Mimic ransomware, Securonix researchers are warning.
Mimic ransomware was first spotted in the wild in June 2022 and analyzed by Trend Micro researchers in January 2023.
"From our analysis, some parts of the code seemed to be based on, and share several similarities with the Conti ransomware builder that was leaked in March 2022. For example, the enumeration of the encryption modes shares the same integer for both Mimic and Conti," Trend Micro researchers said, and noted that MIMIC targets Russian and English-speaking users.
"The timeline for the events was about one month from initial access to the deployment of Mimic ransomware on the victim domain," Securonix researchers noted.
This latest campaign is very similar to the one Securonix researchers spotted last year, in which also targeted MS SQL servers and delivered a variant of the Mimic ransomware.
In another campaign documented by researchers in early 2020, attackers leveraged poorly secured MS SQL servers to install Vollar and Monero cryptocurrency miners.
News URL
https://www.helpnetsecurity.com/2024/01/10/ms-sql-mimic-ransomware/
Related news
- LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada (source)
- Ransomware can mean life or death at hospitals. DEF CON hackers to the rescue? (source)
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)
- Chilean hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Targus discloses cyberattack after hackers detected on file servers (source)
- Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate (source)
- Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers (source)
- REvil hacker behind Kaseya ransomware attack gets 13 years in prison (source)