Yusuf Balogun
Yusuf is an aspiring Journalist and Health law expert with a special focus on technology innovations. He is a writer at Right for Education, Libertist Centre for Education, Qwenu, and Editor at Gamji Press, UDUS.

A report published today by the security analysis team at AhnLab Security Emergency Response Center (ASEC) describes a new cybercriminal campaign distributing FARGO ransomware that targets vulnerable Microsoft SQL servers. Damage to these servers can mean big problems for businesses.

According to ASEC, the infection begins when the MS-SQL process downloads a .NET file through cmd.exe and powershell.exe. This file then downloads and loads additional malware, which results in a BAT file being generated and executed that ends specific processes and services.

According to ASEC, the malware infects AppLaunch.exe, a standard Windows program, in order to begin its malicious activity. It also runs the recovery deactivation command, attempts to delete a registry key on a certain path, and ends some processes.

ASEC researchers further noted that the ransomware encrypts files but skips some of them, such as certain directories and extensions, to keep some portions of the system accessible. A distinctive feature is that it excludes files with an extension associated with Globeimposter. According to ASEC, this exclusion list contains not only the extensions used by FARGO, FARGO 2, and FARGO 3 but also FARGO 4, which is believed to be a future version of the ransomware.

The ransomware then generates a ransom note with the file name “RECOVERY FILES.txt,” and the crooks rename the encrypted files using the FARGO 3 extension. The note warns victims that their system’s files will be permanently erased if they attempt to repair the issue on their own using third-party software. The cybercriminals also threaten to release the information into the public domain if the victims decline to pay the ransom.

In addition to unpatched vulnerabilities, ASEC noted that weak account credentials frequently make database servers such as MS-SQL and MySQL the target of brute-force and dictionary attacks. The analysis team concluded that such attacks might be avoided by resolving these problems and taking extra precautions to protect passwords.

ASEC therefore suggested that, to protect database servers from brute-force and dictionary attacks, MS-SQL server administrators should use passwords that are difficult to guess and change them regularly. They should also apply the most recent patches to fend off vulnerability attacks.
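
For defenders who want to watch for the behaviour ASEC describes (the MS-SQL process launching cmd.exe or powershell.exe, a BAT file run further down that process tree, and the “RECOVERY FILES.txt” note appearing), the sketch below is an added example and is not code from ASEC or from this article. The event fields, host names, PIDs and paths are constructed for illustration, and `sqlservr.exe` as the MS-SQL engine image name is an assumption the article does not state.

```python
import ntpath

SQL_ENGINE = {"sqlservr.exe"}           # assumption: image name of the MS-SQL engine
SHELLS = {"cmd.exe", "powershell.exe"}  # interpreters named in the article
RANSOM_NOTE = "recovery files.txt"      # note file name from the article, lowercased

def _name(path):
    """Lowercased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()

def detect(events):
    """Return (rule, host, detail) alerts, in event order."""
    alerts, lineage = [], set()  # lineage: (host, pid) descended from a SQL-spawned shell
    for ev in events:
        host = ev["host"]
        if ev["type"] == "process_create":
            image, parent = _name(ev["image"]), _name(ev["parent_image"])
            cmdline = ev.get("command_line", "")
            if parent in SQL_ENGINE and image in SHELLS:
                lineage.add((host, ev["pid"]))
                alerts.append(("sql_spawned_shell", host, cmdline))
            elif (host, ev["ppid"]) in lineage:
                lineage.add((host, ev["pid"]))
                if ".bat" in cmdline.lower():
                    alerts.append(("bat_under_sql_lineage", host, cmdline))
        elif ev["type"] == "file_create" and _name(ev["target"]) == RANSOM_NOTE:
            alerts.append(("ransom_note_written", host, ev["target"]))
    return alerts

def _proc(host, pid, ppid, image, parent_image, command_line):
    return {"type": "process_create", "host": host, "pid": pid, "ppid": ppid,
            "image": image, "parent_image": parent_image, "command_line": command_line}

SYS = "C:\\Windows\\System32\\"
# Constructed sample events (hypothetical hosts, PIDs and paths; arguments elided).
SAMPLE_EVENTS = [
    _proc("web01", 900, 800, SYS + "cmd.exe", "C:\\Windows\\explorer.exe", "cmd.exe"),
    _proc("db01", 3100, 1200, SYS + "cmd.exe", "D:\\MSSQL\\Binn\\sqlservr.exe",
          "cmd.exe /c powershell.exe <arguments elided>"),
    _proc("db01", 3144, 3100, SYS + "powershell.exe", SYS + "cmd.exe",
          "powershell.exe <arguments elided>"),
    _proc("db01", 3200, 3144, SYS + "cmd.exe", SYS + "powershell.exe",
          "cmd.exe /c C:\\Temp\\example.bat"),
    {"type": "file_create", "host": "db01", "target": "D:\\Data\\RECOVERY FILES.txt"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The lineage set is keyed on host and PID only, so a production rule would also need process start times to cope with PID reuse.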
