Cybersecurity platform Securonix has recently highlighted a surge in cyberattacks aimed at Microsoft SQL (MSSQL) servers. This attack campaign is designed to exploit vulnerabilities in these servers to deploy the FreeWorld ransomware.
The DBJammer Campaign Unveiled
In a breakdown by Securonix Threat Labs, the campaign, dubbed "DBJammer", was made public. The attack strategy follows a clear method: threat actors scout for Microsoft SQL servers protected by weak or default credentials. Once they spot a target, they use those credentials to gain access and then introduce the FreeWorld ransomware payload.
Intricate Tactics Observed by Securonix
Looking deeper into the details of these attacks, Securonix shared that once inside, the attackers broaden their activity. They are seen firing a slew of commands designed for information extraction and lateral movement across the compromised systems. Offering insights from Securonix, a spokesperson said, "These attackers are actively exploring mechanisms to amplify their control within these servers."
Understanding the FreeWorld Ransomware
FreeWorld ransomware is a type of malware that encrypts files on a victim's computer and demands a ransom payment in order to decrypt them. It is believed to be based on the Dharma ransomware family.
FreeWorld ransomware works by first gaining access to a victim's computer through a variety of methods, such as phishing emails, drive-by downloads, or exploit kits. Once it is installed, it will scan the victim's computer for files to encrypt. The files that are encrypted typically include documents, images, videos, and databases.
After the files are encrypted, FreeWorld ransomware will display a ransom note on the victim's computer. The ransom note will typically contain instructions on how to pay the ransom and decrypt the files. The ransom amount is usually demanded in Bitcoin or another cryptocurrency.
How to Mitigate the Risk
In the face of such menacing cyber threats, companies cannot afford to remain passive. They must adopt a multifaceted defense strategy:
- MSSQL servers must be kept updated and patched without delay.
- Transition from default or easily guessed credentials to strong, unique passwords.
- Put in place vigilant monitoring that observes network traffic and authentication activity, flagging anomalies and unusual behaviour.
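As an added illustration of the monitoring point above (example code written for this page, not Securonix's tooling or anything attributed to the campaign write-up), the following Python pass reads SQL Server ERRORLOG-style lines and raises alerts for the pattern the article describes: a burst of failed logins against one account from a single client address, followed by a successful login from that same address. It also flags a configuration message enabling xp_cmdshell; that rule is an assumption added here as a commonly watched post-compromise event, not something this article attributes to DBJammer. The log lines, addresses, timestamps and the `analyze`/`parse_line` function names are all constructed for the example.

```python
"""Toy detection pass over SQL Server ERRORLOG-style lines (added example).

Flags (1) bursts of failed logins from one client address, (2) a successful
login from that address shortly after the burst, and (3) a configuration
change enabling xp_cmdshell. The sample log below is constructed, not real.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines laid out like SQL Server's ERRORLOG; not real data.
SAMPLE_LOG = """\
2023-09-01 10:00:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-09-01 10:00:01.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-09-01 10:00:01.70 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-09-01 10:00:02.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-09-01 10:00:02.30 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-09-01 10:00:02.60 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.5]
2023-09-01 10:00:05.00 spid51      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2023-09-01 10:30:00.00 Logon       Login failed for user 'app_user'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.7]
2023-09-01 10:35:00.00 Logon       Login succeeded for user 'app_user'. Connection made using SQL Server authentication. [CLIENT: 10.0.0.7]
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) (\S+)\s+(.*)$")
CLIENT_RE = re.compile(r"\[CLIENT: ([^\]]+)\]")
USER_RE = re.compile(r"for user '([^']*)'")


def parse_line(line):
    """Split one ERRORLOG line into timestamp, source, message, client and user."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
    msg = m.group(3)
    client = CLIENT_RE.search(msg)
    user = USER_RE.search(msg)
    return {
        "ts": ts,
        "source": m.group(2),
        "msg": msg,
        "client": client.group(1) if client else None,
        "user": user.group(1) if user else None,
    }


def analyze(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return a list of alert dicts for the log text, in the order found."""
    alerts = []
    failures = defaultdict(deque)  # client address -> recent failure timestamps
    flagged = {}                   # client address -> time its burst was detected

    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        msg, client = ev["msg"], ev["client"]

        if msg.startswith("Login failed") and client:
            q = failures[client]
            q.append(ev["ts"])
            # Keep only failures inside the sliding window.
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold and client not in flagged:
                flagged[client] = ev["ts"]
                alerts.append({"rule": "login_burst", "client": client,
                               "user": ev["user"], "count": len(q), "ts": ev["ts"]})

        elif msg.startswith("Login succeeded") and client in flagged:
            # A success from an address that just brute-forced is the key signal.
            if ev["ts"] - flagged[client] <= window:
                alerts.append({"rule": "success_after_burst", "client": client,
                               "user": ev["user"], "ts": ev["ts"]})

        elif "'xp_cmdshell' changed from 0 to 1" in msg:
            # Assumed watch item: enabling xp_cmdshell gives SQL a shell to the host.
            alerts.append({"rule": "xp_cmdshell_enabled", "source": ev["source"],
                           "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

On the constructed sample this yields three alerts: the burst against `sa` from 203.0.113.5, the login that succeeded half a second later from the same address, and the xp_cmdshell change. The single failed login from 10.0.0.7 stays below the threshold, so its later success is not reported; the `threshold` and `window` parameters are where a team would tune the rule to its own baseline.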