Disclaimer: We may earn a commission if you make any purchase by clicking our links. Please see our detailed guide here.

Follow us on:

Google News

New Cybercriminal FARGO Ransomware Activity Targets Microsoft SQL Servers Says ASEC

Yusuf Balogun
Yusuf Balogun
Yusuf is a law graduate and freelance journalist with a keen interest in tech reporting.

Join the Opinion Leaders Network

Join the Techgenyz Opinion Leaders Network today and become part of a vibrant community of change-makers. Together, we can create a brighter future by shaping opinions, driving conversations, and transforming ideas into reality.

A report from the security analysis team of AhnLab Security Emergency Response Center (ASEC) has revealed today a new cybercriminal activity distributing FARGO ransomware that targets vulnerable Microsoft SQL servers. This inflicting issues on it can mean big problems for businesses.

According to ASEC, the infection comes when the MS-SQL process downloads a .NET file through cmd.exe and powershell.exe. This file then downloads and loads additional malware, resulting in generating and executing a BAT file that ends specific processes and services.

According to ASEC, the malware infects AppLaunch.exe, a typical Windows software, to start acting maliciously. Additionally, it runs the recovery deactivation command, attempts to delete a registry key on a certain path, and ends some processes.

ASEC researchers further noted that the ransomware encrypts files but leaves out parts of them, such as directories and extensions, to keep some portions of the system accessible. The distinctive feature is that it excludes files with a file extension connected to Globeimposter. According to ASEC, this exclusion list contains not only the same sort of extensions used by FARGO, FARGO 2, and FARGO 3 but also FARGO 4, which is believed to be a future version of the ransomware.

The ransom letter generated by the ransomware will then emerge with the file name “RECOVERY FILES.txt,” and the crooks will rename the encrypted files using the FARGO 3 extension. If the victims attempt to repair the issue on their own using third-party software, they will notice threats in the warning that their system’s file will be permanently erased. Cybercriminals also threaten to release the information into the public domain if the victims decline to pay the ransom.

In addition to unpatched vulnerabilities, ASEC noted that weak account credentials frequently make database servers like MS-SQL and MySQL servers the subject of brute force and dictionary assaults. The analysis team concluded that it might be avoided by resolving the problems and taking extra precautions to protect passwords.

Accordingly, ASEC finally suggested that to protect the database server from brute force attacks and dictionary attacks, MS-SQL servers administrators should use challenging passwords to guess for their accounts and change them regularly. They should also update to the most recent patch to fend off vulnerability attacks.


Partner With Us

Digital advertising offers a way for your business to reach out and make much-needed connections with your audience in a meaningful way. Advertising on Techgenyz will help you build brand awareness, increase website traffic, generate qualified leads, and grow your business.

Power Your Business

Solutions you need to super charge your business and drive growth

More from this topic