Ransomware wiping out data on tape backups and malware hitting MSSQL Servers


Finland’s National Cyber Security Centre (NCSC) has issued a warning concerning a new wave of cyber threats, with hackers now deploying ransomware on Network Attached Storage (NAS) appliances and tape storage media, aiming to obliterate stored information. The Akira Ransomware group is suspected to be behind these attacks, having targeted approximately seven companies in December 2023.

Traditionally, file-encrypting malware has affected data on the hard disk drives of networked computers. The recent campaigns go a step further and reach the backup storage itself, including NAS devices and tape media, so that the copies a victim would normally restore from are destroyed along with the primary data.

In the event of a ransomware attack, victims are typically advised to rely on backup storage for a swift recovery. However, the recent trend of cybercriminals targeting these backup appliances leaves victimized companies with limited options, often compelling them to pay the ransom.

To mitigate this risk, NCSC-FI recommends keeping critical information on offline backups, that is, on media that are disconnected from the network and the internet except while a backup job is running. Security experts also advise maintaining backup copies in at least two or three geographically separate locations, such as cloud storage and off-site media, and periodically testing that those copies can actually be restored, so that one of them can serve as a reliable fallback.

Another cybersecurity development involves a Turkish hacking group targeting Microsoft SQL (MSSQL) servers worldwide. The group, which deploys Mimic ransomware, focuses on MSSQL hosts in the EU, the USA and Latin America, gaining initial access by brute-forcing the passwords of database logins on internet-exposed servers.

The Securonix Threat Research team identified this campaign, which has been active since November of the previous year and targets internet-exposed Microsoft SQL Server instances with weak credentials. Similar motives were observed in the Phobos and Crysis ransomware groups, which have been linked to a Russian cybercrime gang offering ransomware-as-a-service.

To protect MSSQL servers against this kind of compromise, experts recommend patching the server regularly, never exposing the database port directly to the internet but placing it behind a VPN, and disabling the xp_cmdshell extended stored procedure (or at least restricting which logins may execute it), since it is the usual way an attacker turns a database login into operating-system command execution. Enabling PowerShell logging and alerting on new logins and connections to the database host are also recommended, because they make the brute-force attempts and the post-compromise activity visible before the ransomware is deployed.
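The monitoring advice above is easy to put into practice with the SQL Server ERRORLOG, which records failed logins (and, when login auditing is set to "Both failed and successful logins", successful ones) together with the client IP, and also records when xp_cmdshell is switched on through sp_configure. The following detector is an added example, not code from the original article or from Securonix; the log lines, IP addresses, timestamps and thresholds are constructed for the demonstration, and the line formats mirror what SQL Server writes but should be checked against your own ERRORLOG before use.

```python
"""Flag MSSQL brute-force logins and xp_cmdshell enablement in ERRORLOG lines.

Added example, not from the original article or from Securonix. The sample
log below is constructed; the line formats follow SQL Server's ERRORLOG
(login auditing set to "Both failed and successful logins"), while the
timestamps, IPs, user names and thresholds are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS = r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+"
FAIL_RE = re.compile(TS + r"Logon\s+Login failed for user '(?P<user>[^']*)'"
                     r".*\[CLIENT: (?P<ip>[^\]]+)\]")
OK_RE = re.compile(TS + r"Logon\s+Login succeeded for user '(?P<user>[^']*)'"
                   r".*\[CLIENT: (?P<ip>[^\]]+)\]")
XP_RE = re.compile(TS + r"\S+\s+Configuration option 'xp_cmdshell' "
                   r"changed from 0 to 1")


def analyze(lines, threshold=5, window=timedelta(minutes=2)):
    """Return a list of (kind, client_ip, detail) alerts in log order.

    kind is one of:
      brute_force              - >= threshold failed logins from one client
                                 inside a sliding time window
      login_after_brute_force  - a successful login from a client that was
                                 already flagged for brute force
      xp_cmdshell_enabled      - sp_configure turned xp_cmdshell on
    """
    alerts = []
    failures = defaultdict(deque)   # client ip -> timestamps of recent failures
    flagged = set()                 # clients already reported for brute force
    for line in lines:
        line = line.rstrip("\n")
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            ip = m["ip"]
            recent = failures[ip]
            recent.append(ts)
            # Drop failures that fell out of the sliding window.
            while recent and ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip,
                               f"{len(recent)} failed logins for '{m['user']}' "
                               f"within {window}"))
            continue
        m = OK_RE.match(line)
        if m and m["ip"] in flagged:
            alerts.append(("login_after_brute_force", m["ip"],
                           f"'{m['user']}' logged in after repeated failures"))
            continue
        m = XP_RE.match(line)
        if m:
            alerts.append(("xp_cmdshell_enabled", None,
                           line[line.index("Configuration"):]))
    return alerts


# Constructed sample ERRORLOG excerpt (not real data): one client hammers the
# 'sa' login, succeeds, then enables xp_cmdshell; a second client has a single
# typo-style failure that must not be flagged.
SAMPLE_LOG = """\
2024-01-08 10:15:01.10 Logon       Error: 18456, Severity: 14, State: 8.
2024-01-08 10:15:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2024-01-08 10:15:02.30 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2024-01-08 10:15:03.55 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2024-01-08 10:15:04.80 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2024-01-08 10:15:06.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2024-01-08 10:15:07.41 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.5]
2024-01-08 10:18:20.77 spid57      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-01-08 11:02:11.00 Logon       Login failed for user 'reports'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.42]
2024-01-08 11:02:40.00 Logon       Login succeeded for user 'reports'. Connection made using SQL Server authentication. [CLIENT: 10.0.0.42]
"""

if __name__ == "__main__":
    for kind, ip, detail in analyze(SAMPLE_LOG.splitlines()):
        print(f"{kind:25} {ip or '-':15} {detail}")
```

Run against the sample it reports the brute force from 203.0.113.5, the subsequent successful 'sa' login from the same client, and the xp_cmdshell enablement, while the single failure from 10.0.0.42 stays quiet. On a real server, feed it the current ERRORLOG (or the output of `xp_readerrorlog`), tune `threshold` and `window` to your login volume, and pair the detection with the hardening side, `EXEC sp_configure 'xp_cmdshell', 0; RECONFIGURE;`, so that the third alert should never fire unless someone deliberately re-enables it.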
