Vulnerable Microsoft SQL (MS-SQL) servers are being exploited by cybercriminals to distribute Cobalt Strike and FreeWorld ransomware. Securonix researchers have named this malicious campaign “DB#Jammer.”
Ransomware Defense: Strategies and Recommendations
Attackers typically commence their assault by brute-forcing passwords on vulnerable servers. Once inside, they collect information about the victim’s network and introduce malware. Subsequently, they disable the firewall and establish connections to remote resources to obtain additional tools, including Cobalt Strike.
The hackers advance by executing lateral movement within the network. They also install the legitimate AnyDesk remote access program and deploy FreeWorld ransomware on compromised systems. Although they attempted to establish remote access persistence through the Ngrok service, their efforts were unsuccessful.
To mitigate such risks, cybersecurity experts recommend implementing robust measures within organizations. These include using strong, complex passwords, regularly updating software, conducting routine data backups, and providing employees with cyber hygiene training.
In addition, organizations should maintain up-to-date anti-malware solutions and promptly apply vulnerability patches. Taking a comprehensive approach to information security remains the primary defense against ransomware and other cyber threats.