Microsoft data servers are under threat from FARGO ransomware, according to a blog post from AhnLab Security Emergency Response Center (ASEC).
ASEC warns that hackers are using a BAT file to install malware that disables the open-source anti-ransomware tool Raccine. Once Raccine is disabled, the BAT file rewrites files in the system under a .FARGO3 extension and holds them hostage. The exploit was previously known as “Mallox” for its “.mallox” extension.
“Administrators of MS SQL servers should use passwords that are difficult to guess for their accounts and change them periodically to protect the database server from brute force attacks and dictionary attacks, and update to the latest patch to prevent any potential vulnerability attacks,” ASEC said in a blog post detailing the malware attack.
The malware is installed on the targeted machine by downloading a .NET file through cmd.exe and powershell.exe; that file then downloads further malware, including the BAT file. Once the BAT file runs, the malware attacks Raccine and then locks and overwrites sensitive files with the .FARGO3 extension.
Microsoft, through its PR arm WE Communications, declined to comment.
No easy fix.
Brian Donohue, principal security specialist for cybersecurity service Red Canary, told IT Brew that attacks on SQL servers make sense from the vantage point of hackers.
“The reason it’s a juicy target is because server databases contain lots of business-critical information,” Donohue said, adding, “we are going to continue to see database software being targeted by ransomware, because it’s so valuable.”
Red Canary hasn’t seen the exploit in the wild, Donohue emailed in a statement via Nicki Doggart, but that doesn’t mean the potential isn’t there for damage. And any fix is sure to be costly (though perhaps not as costly as paying the ransom itself).
“Even just installing patches is a ton of work,” Donohue said. “Because you never know when any given patch is gonna break whatever application integration you have…that all requires extensive testing to figure out.”—EH