HomeWinBuzzer NewsHacker Group Targets MSSQL Servers with FreeWorld Ransomware

Hacker Group Targets MSSQL Servers with FreeWorld Ransomware

The "DBJammer" campaign, involves attackers targeting vulnerable MSSQL servers using weak credentials, swiftly deploying the damaging FreeWorld ransomware.


platform Securonix has recently highlighted a surge in aimed at Microsoft SQL (MSSQL) servers. This attack campaign is designed to exploit vulnerabilities in these servers to deploy the FreeWorld .

The DBJammer Campaign Unveiled

In a breakdown by Securonix Threat Labs, the campaign dubbed as “DBJammer” has been brought to the public. This attack strategy has a clear method. are scouting for Microsoft SQL servers burdened by weak or default credentials. Once they sport a target, these actors deploy their attack method to gain access and introduce the FreeWorld ransomware payload.

Intricate Tactics Observed by Securonix

Looking deeper into the details of these attacks, Securonix shared that post-intrusion, attackers are expanding their methods. They are seen firing a slew of commands designed for information extraction and seamless lateral movement across the compromised systems. Offering insights from Securonix, a spokesperson said, “These attackers are actively exploring mechanisms to amplify their control within these servers.”

Understanding the FreeWorld Ransomware

FreeWorld ransomware is a type of malware that encrypts files on a victim's computer and demands a ransom payment in order to decrypt them. It is believed to be based on the Dharma ransomware family.

FreeWorld ransomware works by first gaining access to a victim's computer through a variety of methods, such as emails, drive-by downloads, or exploit kits. Once it is installed, it will scan the victim's computer for files to encrypt. The files that are encrypted typically include documents, images, videos, and databases.

After the files are encrypted, FreeWorld ransomware will display a ransom note on the victim's computer. The ransom note will typically contain instructions on how to pay the ransom and decrypt the files. The ransom amount is usually demanded in Bitcoin or another .

How to Mitigate the Risk 

In the face of such menacing , companies cannot afford to remain passive. They must adopt a multifaceted defense strategy:

  • MSSQL servers must be kept updated and patched without delay.
  • Transition from default or easily decipherable credentials to robust, unique passwords.
  • Instill a vigilant monitoring system that observes network traffic, flagging anomalies and unusual activities.
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.