A new ransomware variant dubbed FARGO is doing the rounds on the internet, and its primary targets are Microsoft SQL Servers left vulnerable by a lack of timely patching. Cybersecurity researchers from AhnLab Security say that the newly detected malware variant is an imposter of a past variant named GlobeImposter and begins circulating after Cobalt Strike beacons are dropped onto the victim machines.
In both cases, “.mallox” is the file extension seen in detections, so the malware family can easily be referred to as “Mallox”.
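Because the family is recognised by the “.mallox” extension, file-creation telemetry can be searched for bursts of files receiving that extension on a single host. The following is an added example, not code from AhnLab, Avast or the original article; the log format, host names, paths, time window and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

INDICATOR_EXT = ".mallox"        # extension named in the article
WINDOW = timedelta(seconds=60)   # assumed burst window
THRESHOLD = 3                    # assumed minimum hits inside one window

# Constructed sample file-creation events: "ISO time|host|process|path"
SAMPLE_EVENTS = """\
2024-01-01T10:00:01|SQL01|sqlservr.exe|D:\\Data\\orders.mdf
2024-01-01T10:00:05|SQL01|unknown.exe|D:\\Data\\orders.mdf.mallox
2024-01-01T10:00:09|SQL01|unknown.exe|D:\\Data\\orders_log.ldf.MALLOX
2024-01-01T10:00:20|SQL01|unknown.exe|D:\\Backup\\full.bak.mallox
2024-01-01T10:00:30|WEB02|notepad.exe|C:\\Users\\a\\notes.mallox
2024-01-01T10:05:00|WEB02|notepad.exe|C:\\Users\\a\\mallox-report.txt
"""

def parse(lines):
    """Yield (time, host, process, path) tuples, skipping malformed lines."""
    for line in lines.splitlines():
        parts = line.strip().split("|", 3)
        if len(parts) != 4:
            continue
        ts, host, proc, path = parts
        yield datetime.fromisoformat(ts), host, proc, PureWindowsPath(path)

def find_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {host: events} for hosts with >= threshold hits inside window."""
    hits = defaultdict(list)
    for ts, host, proc, path in parse(lines):
        # Match on the real suffix, case-insensitively, not on a substring.
        if path.suffix.lower() == INDICATOR_EXT:
            hits[host].append((ts, proc, str(path)))
    alerts = {}
    for host, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[host] = events[start:end + 1]
                break
    return alerts

if __name__ == "__main__":
    for host, evts in find_bursts(SAMPLE_EVENTS).items():
        print(f"{host}: {len(evts)} files written with {INDICATOR_EXT}")
```

A single file with the extension (WEB02 in the sample) does not alert; only the burst on SQL01 does, which keeps one-off false positives out of the queue.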
Meanwhile, researchers from Avast have also released an update on this file-encrypting malware, reiterating that it is a past strain detected in February this year and dubbed “TargetCompany”.
Interestingly, FARGO has the potential to turn into wiper malware if the targeted victim cannot pay the ransom in time or refuses to pay the demanded sum. It also has the potential to neutralize Raccine, the open-source ransomware vaccine.
The only good part about this malicious software is that it doesn’t encrypt all programs and directories: it leaves some Windows system directories and the TOR browser untouched to prevent the victimized machine from becoming completely unusable.
Security analysts are urging MS-SQL server administrators to keep their servers patched against the latest vulnerabilities and to protect their systems with strong 18-character passwords and 2FA. Remember, a strong password is a mixture of alphanumeric characters along with two or three special characters.
NOTE: Microsoft SQL Servers are used for transaction processing, business intelligence, and analytics applications in IT environments, competing with IBM’s DB2 and Oracle Database.