FARGO Ransomware Attacks MS-SQL Servers To Encrypt Internet Services

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Post Sharing
Cybersecurity experts at the ASEC (AhnLab Security Emergency Response Center) analysis team have recently warned that Microsoft SQL servers that are vulnerable to attacks have been targeted by the ransomware called FARGO in a new wave of attacks.

An MS-SQL server is a system that is used for storing and managing data related to internet services and applications. In the event that they are disrupted, it can have severe consequences for businesses.

It seems that the new wave of attacks is more devastating, aiming to prey on database owners and lock them out of their databases to make a quick profit.

FARGO Ransomware

Among the popular ransomware programs like GlobeImposter, the FARGO ransomware is also most well-known for targeting the Microsoft SQL Server databases that are vulnerable. This ransomware has also been known as Mallox in the past, due to the fact that it has the .mallox file extension.

Using this method, additional malware will be downloaded and loaded from a specific location.

A BAT file is generated by the malware that has been loaded and executed in the %temp% directory, by which certain processes and services can be shut down.

The behavior of the ransomware begins with its infiltration into AppLaunch[.]exe, which is a standard program in Windows. Following this, the recovery deactivation command is executed, and a registry key on a specific path is attempted to be deleted, as well as certain processes are closed.

Ransom Note

As soon as the encryption process is completed, the locked files are renamed with the extension “.Fargo3” which is added by the unit itself. Afterwards, the ransom note is generated by the malware.

In order to pay for the ransom, the threat actor threatens the victims that they will leak their stolen files on their Telegram channel if they do not pay the ransom demanded.

In systems where account credentials are poorly managed, brute force attacks and dictionary attacks are typical types of attacks that target database servers.

A cybercriminal may also try to exploit known vulnerabilities that have not been patched by the target, as an alternative to the previous method.

Recommendations

Here below we have mentioned all the recommendations:-

  • Always use strong and unique passwords.
  • Make sure to keep the machine up-to-date.
  • Periodically change the passwords.
  • Always update to the latest patch.