Hacker Group Targets MSSQL Servers with FreeWorld Ransomware | #ransomware | #cybercrime

platform Securonix has recently highlighted a surge in aimed at Microsoft SQL (MSSQL) servers. This attack campaign is designed to exploit in these servers to deploy the FreeWorld .

The DBJammer Campaign Unveiled

In a breakdown by Securonix Threat Labs, the campaign dubbed as “DBJammer” has been brought to the public. This attack strategy has a clear method. Threat actors are scouting for SQL servers burdened by weak or default credentials. Once they sport a target, these actors deploy their attack method to gain access and introduce the FreeWorld ransomware payload.

Intricate Tactics Observed by Securonix

Looking deeper into the details of these attacks, Securonix shared that post-intrusion, attackers are expanding their methods. They are seen firing a slew of commands designed for information extraction and seamless lateral movement across the compromised systems. Offering insights from Securonix, a spokesperson said, “These attackers are actively exploring mechanisms to amplify their control within these servers.”

Understanding the FreeWorld Ransomware

FreeWorld ransomware is a type of malware that encrypts files on a victim’s computer and demands a ransom payment in order to decrypt them. It is believed to be based on the Dharma ransomware family.

FreeWorld ransomware works by first gaining access to a victim’s computer through a variety of methods, such as phishing emails, drive-by downloads, or exploit kits. Once it is installed, it will scan the victim’s computer for files to encrypt. The files that are encrypted typically include documents, images, videos, and databases.

After the files are encrypted, FreeWorld ransomware will display a ransom note on the victim’s computer. The ransom note will typically contain instructions on how to pay the ransom and decrypt the files. The ransom amount is usually demanded in Bitcoin or another .

How to Mitigate the Risk 

In the face of such menacing cyber threats, companies cannot afford to remain passive. They must adopt a multifaceted defense strategy:

  • MSSQL servers must be kept updated and patched without delay.
  • Transition from default or easily decipherable credentials to robust, unique passwords.
  • Instill a vigilant monitoring system that observes network traffic, flagging anomalies and unusual activities.

Source link

National Cyber Security