June 7, 2023

Threat actors are using FARGO ransomware targeting Microsoft SQL servers.

Initial threat vector not known, but the attacks targeting database servers include brute force and dictionary attacks aimed at ferreting out the passwords of existing, poorly secured accounts.

Advertisements

After the MS SQL server has been compromised, the attackers make it download a .NET file via Command Prompt and PowerShell which in turn downloads and loads additional malware.

The loaded malware generates and executes a BAT file which shuts down certain processes and services, in the %temp% directory.

The ransomware’s behavior begins by being injected into AppLaunch.exe. It attempts to delete a registry key on a certain path, and executes the recovery deactivation command, and closes certain processes.

Advertisements

The ransomware encrypts some files and avoids others, including files with an extension associated with its own activities (.FARGO, .FARGO2, etc.) and that of GlobeImposter, another ransomware threat targeting vulnerable MS SQL servers.

To prevent falling victim to this and other threats coming via compromised MS SQL servers, admins are advised to regularly patch their installations and to use complex, unique passwords to protect their accounts

Tags:

Leave a Reply

You may have missed

Microsoft to comply with LinkedIn GDPR Violation

Microsoft to comply with LinkedIn GDPR Violation

June 7, 2023
Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
%d bloggers like this: