1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft SQL servers hacked to spread ransomware

    From TechnologyDaily@1337:1/100 to All on Thu Apr 20 13:15:03 2023
    Microsoft SQL servers hacked to spread ransomware

    Date:
    Thu, 20 Apr 2023 12:02:40 +0000

    Description:
    Hackers are deploying the Trigona ransomware on poorly configured Microsoft SQL servers.

    FULL STORY ======================================================================

    Cybersecurity experts have spotted a new hacking campaign taking advantage of poorly secured MS-SQL servers to deliver the Trigona ransomware .

    Researchers from South Korean firm AhnLab observed the threat actors scanning for internet-exposed Microsoft SQL servers and then trying to access them either via brute-force or dictionary attacks. These attacks work if the servers have simple, easy-to-guess passwords, and by automating the login process, the hackers can breach numerous servers with ease.

    Once they gain access to the endpoint, the attackers will first install a piece of malware the researchers named CLR Shell. This malware picks up
    system information, changes the compromised accounts configuration, and escalates privileges to LocalSystem through a vulnerability in the Windows Secondary Logon Service. Deleting backups

    "CLR Shell is a type of CLR assembly malware that receives commands from threat actors and performs malicious behaviors, similarly to the WebShells of web servers," the researchers said.

    The next step is to use the svcservice.exe malware dropper to deploy the Trigona ransomware. In this step, all files on the device are encrypted, and
    a ransom note is left, instructing the victims on how to reach out to the attackers and negotiate the release of a decryption key. The researchers also said that Trigona disables system recovery and deletes any Windows Volume Shadow copies, to prevent the victims from recovering their systems via backup. Read more

    Many CISOs are drowning in security debt


    The explosion of digital identities and growth of cybersecurity debt


    These are the best malware removal tools

    While businesses might be tempted to pay the ransom, thinking that would be the simplest and cheapest way to address the problem, general consensus is that they should refrain from giving in to criminal demands. Recent data from Rubrik Zero Labs has found that of all the organizations that suffered a ransomware attack and paid for the decryptor, just 16% actually managed to recover all of their data.

    Paying the ransom also funds future criminal activity, which is yet another reason not to give in to the hackers demands. Check out our list of the best endpoint security software around

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-sql-servers-hacked-to-spread-ransomwa re


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)