In a concerning development on the cybersecurity front, unknown threat actors have set their sights on inadequately protected Microsoft SQL servers, launching a campaign to infect them with a novel strain of ransomware. A recent report by cybersecurity experts at Securonix sheds light on this worrisome trend, revealing the tactics employed by hackers in this latest assault.
The campaign begins with hackers attempting to gain unauthorized access to MS SQL servers through brute-force attacks. Once they breach the defenses, a sequence of actions unfolds, starting with the deployment of a Cobalt Strike beacon. This is followed by lateral movement through the target network and endpoints, culminating in the deployment of a ransomware variant known as FreeWorld.
FreeWorld appears to be a mutation of the well-known encryptor, Mimic. While the ultimate objective of the campaign aligns with ransomware norms, which involve stealing sensitive data and encrypting endpoints, the hackers’ innovative use of tools and infrastructure sets this operation apart. Securonix elaborates in its report, citing the hackers’ utilization of enumeration software, Remote Access Trojan (RAT) payloads, exploitation tools, credential-stealing software, and finally, the deployment of ransomware payloads.
According to the researchers, the effectiveness of this campaign hinges solely on the strength of the passwords safeguarding MS SQL servers. This underscores the critical importance of robust, complex passwords, particularly for publicly exposed services. It’s evident that servers with weak passwords have become prime targets for compromise.
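The brute-force entry point described above leaves a trail in SQL Server's own error log. The sketch below is an added example, not taken from the Securonix report: it flags clients that exceed a failed-login threshold and notes when such a client then logs in successfully. It assumes login auditing records both failed and successful logins; the function name, threshold, window and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the SQL Server error-log format (documentation IPs).
SAMPLE_LOG = """\
2023-09-01 03:14:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2023-09-01 03:14:02.11 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2023-09-01 03:14:03.12 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.7]
2023-09-01 03:14:03.50 Logon       Login failed for user 'report'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
2023-09-01 03:14:04.13 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2023-09-01 03:14:05.14 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2023-09-01 03:14:06.15 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2023-09-01 03:14:07.00 Logon       Login succeeded for user 'app'. Connection made using SQL Server authentication. [CLIENT: 192.0.2.10]
2023-09-01 03:14:09.16 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
"""

EVENT = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login (failed|succeeded) for user '([^']*)'.*\[CLIENT: ([^\]]+)\]")

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {client: {"failures": n, "compromised_login": user or None}}."""
    failures = defaultdict(list)  # client -> timestamps of recent failed logins
    findings = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        outcome, user, client = m.group(2), m.group(3), m.group(4)
        # Keep only failures that still fall inside the sliding window.
        recent = [t for t in failures[client] if ts - t <= window]
        if outcome == "failed":
            recent.append(ts)
            if len(recent) >= threshold:
                hit = findings.setdefault(
                    client, {"failures": 0, "compromised_login": None})
                hit["failures"] = max(hit["failures"], len(recent))
        elif client in findings and recent:
            # A success right after a failure burst suggests a guessed password.
            findings[client]["compromised_login"] = (
                findings[client]["compromised_login"] or user)
        failures[client] = recent
    return findings

if __name__ == "__main__":
    for client, hit in detect_bruteforce(SAMPLE_LOG).items():
        print(client, hit)
```

A finding with a non-empty `compromised_login` is the case to escalate first, since it marks the point where the intrusion chain described in the report would begin.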
Ransomware, a prevalent form of cybercrime, has witnessed a resurgence in 2023, following a comparatively tranquil 2022. Statistics from Coveware indicate a significant surge in ransomware attacks this year. Concurrently, awareness among potential victims has risen, resulting in fewer organizations acquiescing to ransom demands. According to the same source, the percentage of compromised organizations succumbing to ransom demands has plummeted to a historic low of 34%.
For those organizations that opted to pay the ransom, the cost was substantial. The average ransom payment surpassed $700,000, marking a staggering 126% increase compared to the first quarter of 2023. These findings underscore the growing urgency for robust cybersecurity measures and heightened vigilance in the face of evolving cyber threats.