Trigona Ransomware Targets Weakly Configured Microsoft SQL Servers

Using brute-force or dictionary attacks, cybercriminals target internally exposed and inadequately secured Microsoft SQL (MS-SQL) servers. The SQL attack’s main goal is to spread the Trigona ransomware. The Trigona ransomware operation, according to AhnLab, only accepts ransom payments in Monero from victims all around the world. The initial sighting occurred in October 2022.

The attackers use CLR Shell malware after connecting to a SQL server. It is used to change account settings, gather system information, and grant LocalSystem with additional privileges. The malware is launched by the attackers using the CVE-2016-0099 vulnerability in the Windows Secondary Logon Service.

Trigona Ransomware Targets Weakly Configured Microsoft SQL Servers

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Trigona Ransomware Targets Weakly Configured Microsoft SQL Servers

24-Apr-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address