Organizations are being warned about a wave of attacks targeting Microsoft SQL Server with ransomware known as Fargo, which encrypts files and threatens victims that their data may be published online if they do not pay up.
The warning comes in a blog posting from analysts at the AhnLab Security Emergency Response Center (ASEC), which says that Fargo is one of the most prominent ransomware strains targeting vulnerable SQL Server instances, and was previously also known as Mallox because it used the file extension .mallox for encrypted files in an earlier wave of attacks.
According to ASEC, a Fargo attack starts with the SQL Server process on a compromised machine being used to download a .NET file via the cmd.exe and powershell.exe consoles. This payload fetches and runs additional malware code, which generates and executes a BAT file that then shuts down some processes and services.
Source: The Register
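The process chain ASEC describes (the SQL Server process launching cmd.exe and powershell.exe) can be hunted for in process-creation telemetry. The following is an added detection sketch, not code from ASEC or The Register; the event field names (`pid`, `ppid`, `image`, `parent_image`) and the sample events are constructed for illustration.

```python
import ntpath

SQL_SERVER = "sqlservr.exe"             # SQL Server database engine process
SHELLS = {"cmd.exe", "powershell.exe"}  # consoles named in the ASEC description

def image_name(path):
    """Lower-cased file name of a Windows image path (works on any OS)."""
    return ntpath.basename(path or "").lower()

def find_sql_shell_spawns(events):
    """Return shell launches whose process ancestry includes sqlservr.exe.

    events: process-creation records in time order. Each is a dict with
    pid, ppid, image and parent_image (field names assumed for this example).
    """
    tainted = set()  # PIDs of processes descended from sqlservr.exe
    alerts = []
    for ev in events:
        parent_is_sql = image_name(ev.get("parent_image")) == SQL_SERVER
        if parent_is_sql or ev["ppid"] in tainted:
            tainted.add(ev["pid"])       # keep following the chain downwards
            if image_name(ev["image"]) in SHELLS:
                alerts.append(ev)
        else:
            tainted.discard(ev["pid"])   # PID reused by an unrelated process
    return alerts

SQLSERVR = r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe"

# Constructed sample events, not taken from a real incident.
SAMPLE_EVENTS = [
    {"pid": 4100, "ppid": 1880, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": SQLSERVR},
    {"pid": 4188, "ppid": 4100, "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 5200, "ppid": 900, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 5300, "ppid": 1880, "image": r"C:\Temp\example.exe",
     "parent_image": SQLSERVR},
    {"pid": 5310, "ppid": 5300, "parent_image": r"C:\Temp\example.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\POWERSHELL.EXE"},
]

if __name__ == "__main__":
    for hit in find_sql_shell_spawns(SAMPLE_EVENTS):
        print(f"ALERT pid={hit['pid']} image={hit['image']}")
```

Legitimate administration, such as jobs that call `xp_cmdshell`, also makes sqlservr.exe spawn cmd.exe, so hits need triage against known maintenance activity before they are treated as an intrusion.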