SQL Server admins warned about Fargo ransomware
Organizations are being warned about a wave of attacks targeting Microsoft SQL Server with ransomware known as Fargo, which encrypts files and threatens victims that their data may be published online if they do not pay up.from analysts at the AhnLab Security Emergency Response Center , which says that Fargo is one of the most prominent ransomware strains targeting vulnerable SQL Server instances, and was previously also known as Mallox because it used the file extension .
According to ASEC, a Fargo attack starts with the SQL Server process on a compromised machine being used to download a .net file via the cmd.exe and powershell.exe consoles. This payload fetches and runs additional malware code which generates and executes a BAT file that then shuts down some processes and services.
The next step in the attack is to inject .net code into AppLaunch.exe, which then attempts to delete the registry key for Raccine, an open source tool designed to provide some protection against ransomware attacks. Fargo proceeds to execute the recovery deactivation command, and deletes all shadow copies using vssadmin , before shutting down various database-related processes to make the content of database files available for encryption.
If successful, the encrypted files have their filename appended with".Fargo3" and a ransom note is generated with the filename"RECOVERY FILES.txt". The latter informs the victim how to contact the attackers in order to pay the ransom, and threatens:"In case of non-payment of the ransom, your data may be published on the public domain."
Belgique Dernières Nouvelles, Belgique Actualités
Similar News:Vous pouvez également lire des articles d'actualité similaires à celui-ci que nous avons collectés auprès d'autres sources d'information.
North Korea tests ballistic missile as US aircraft carrier arrives for joint military exercisesDetails released by the South's military suggest it may have been a nuclear-capable short-range weapon modelled after Russia's Iskander missile.
Lire la suite »
North Korea fires suspected ballistic missile into seaIt came after a US military ship arrived in South Korea, and before a visit by the US vice president.
Lire la suite »
Arsenal 'run riot' against Spurs in north London derby in front of record WSL crowdArsenal were fired up by a record-breaking crowd at the Emirates Stadium as they ‘ran riot’ against their rivals Tottenham in the Women’s Super League. It wasn’t just the al…
Lire la suite »
North London derby breaks WSL attendance record as Arsenal thrash SpursA NEW record attendance of 47,367 saw Arsenal thrash arch rivals Spurs 4-0, reports the Voice...
Lire la suite »
People in north of Bridlington have five year higher life expectancy than south of townIt comes as East Riding Council’s Health and Wellbeing Board heard the average number of deaths across the area was still rising even after the coronavirus pandemic has receded
Lire la suite »