Novel FreeWorld ransomware deployed in attacks against Microsoft SQL servers

Microsoft SQL servers accessible through the internet have been targeted with brute-force attacks distributing the novel Mimic ransomware variant dubbed "FreeWorld," according to The Record, a news site by cybersecurity firm Recorded Future. Dictionary-based or random password spray attempts are being conducted by threat actors in a bid to crack the passwords of targeted Microsoft SQL databases, which will then be followed by the utilization of SQL to facilitate network mapping, credential exfiltration, and FreeWorld deployment, a report from Securonix revealed. Further examination of an organization victimized by the operation revealed that while the organization's firewall was able to thwart numerous attacker tools, it was eventually infiltrated with the use of the AnyDesk remote access software. "This is not something we have been seeing often, and what truly sets this attack sequence apart is the extensive tooling and infrastructure used by the threat actors," said Securonix Vice President of Threat Research Oleg Kolesnikov.