Microsoft SQL servers targeted in ransomware attacks TechRadar Skip to main content TechRadar is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here's why you can trust us. Microsoft SQL servers targeted in ransomware attacks By Sead Fadilpašić published 26 September 2022 MS-SQL servers with weak protection being targeted (Image credit: Future) Audio player loading… An ongoing campaign is looking to distribute the FARGO ransomware (opens in new tab) to as many Microsoft SQL servers as possible, experts have found. According to cybersecurity researchers at AhnLab Security Emergency Response Center (ASEC), threat actors are picking up pace, looking for unprotected MS-SQL servers, or those protected by weak and easily cracked passwords. The attackers are engaged in brute-force and dictionary attacks, the researchers further explain, meaning that once they set their sights on specific servers, they'll try as many password combinations as possible, until one sticks. Leaks on Telegram Endpoints with weak passwords can be accessed that way, and once they access the servers, the attackers would encrypt the files and give them a .Fargo3 extension, and place a ransom note titled RECOVERY FILES.txt. The ransomware skips a couple of Windows system directories while encrypting, including boot files, Tor Browser, Internet Explorer, user customization and settings, the debug log file, and the thumbnail database. In the ransom note, the attackers threaten to release the stolen files on their Telegram channel, unless their demands are met. Microsoft SQL servers host data used by various internet services and apps, making them pivotal to the day-to-day operations of many organizations. As such, they're a major target for various cybercriminals looking to deploy malware (opens in new tab) and steal sensitive data. So far this year, TechRadar Pro has reported twice on crooks attacking MS-SQL servers, once in April, and once in May. In April, a threat actor was spotted dropping Cobalt Strike beacons on vulnerable servers, while in May, crooks were observed brute-force attacking the endpoints.Read more> Microsoft SQL servers hit by Cobalt Strike attacks > Brute-force attacks targeting MSSQL servers, Microsoft warns > These are the best antivirus tools right now (opens in new tab) "The attackers achieve fileless persistence by spawning the sqlps.exe utility, a PowerShell wrapper for running SQL-built cmdlets, to run recon commands and change the start mode of the SQL service to LocalSystem," the Microsoft Security Intelligence team revealed at the time. This attack, BleepingComputer claims, is "more catastrophic", as it aims for a quicker profit through blackmail.Check out our rundown of the best firewalls (opens in new tab) around Via: BleepingComputer (opens in new tab) Sead Fadilpašić Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he's written for numerous media outlets, including Al Jazeera Balkans. He's also held several modules on content writing for Represent Communications. See more Computing news Are you a pro? Subscribe to our newsletter Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Thank you for signing up to TechRadar. You will receive a verification email shortly. There was a problem. Please refresh the page and try again. MOST POPULARMOST SHARED1The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me27 new movies and TV shows on Netflix, Prime Video, HBO Max and more this weekend (October 7)3Stop saying Mario doesn't have an accent in The Super Mario Bros. Movie4Microsoft Teams users are using it for a really bad reason, so stop now5Google Pixel Tablet is what Apple should've done ages ago1Best laptops for designers and coders 2The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me3Stop saying Mario doesn't have an accent in The Super Mario Bros. Movie4Microsoft Teams users are using it for a really bad reason, so stop now5iPhone 15 tipped to come with an upgraded 5G chip Technology Magazines (opens in new tab)● (opens in new tab)The best tech tutorials and in-depth reviewsFrom$12.99 (opens in new tab)View (opens in new tab)