Ransomware Rampage: Hackers Target Weakly Secured MS SQL Servers with Unique FreeWorld Strain

FreeWorld appears to be a mutation of the well-known encryptor, Mimic. While the ultimate objective of the campaign aligns with ransomware norms, which involve stealing sensitive data and encrypting endpoints, the hackers’ innovative use of tools and infrastructure sets this operation apart. In its report, Securonix cites the hackers’ use of enumeration software, Remote Access Trojan (RAT) payloads, exploitation tools, credential-stealing software, and finally, the deployment of ransomware payloads.

Researchers have concluded that the effectiveness of this campaign hinges solely on the strength of the passwords safeguarding MS SQL servers. This underscores the critical importance of robust, complex passwords, particularly for publicly exposed services. It’s evident that servers with weak passwords have become prime targets for compromise.