<p>According to the latest report from ASEC (AhnLab Security Emergency Response Center), a new ransomware is being distributed that targets vulnerable Microsoft SQL servers.</p>
<p><img class="alignnone size-full wp-image-4770" src="https://www.wincert.net/wp-content/uploads/2022/09/database-g71a42639b_640.jpg" alt="" width="640" height="213" /></p>
<p>The FARGO ransomware variant is not completely new: it has been used in the past under the name Mallox, because it used the .mallox file extension.</p>
<p>Microsoft SQL servers provide relational database management, storing and retrieving data for many software applications and internet services, so a compromised SQL server can present a huge problem for corporations.</p>
<p>SQL servers can get infected when the MS-SQL process downloads a .NET file using a command prompt or PowerShell. That file then downloads and loads additional malware, which usually stops specific processes and services.</p>
<p><em>“The ransomware’s behavior begins by being injected into AppLaunch.exe, a normal Windows program. It attempts to delete a registry key on a certain path, and executes the recovery deactivation command, and closes certain processes,”</em> ASEC explained.</p>
<p>The ASEC researchers also said that FARGO encrypts files but not all of them, leaving the system partly accessible.</p>
<p>The attackers rename encrypted files with the .Fargo3 extension and generate a ransom note named &#8220;RECOVERY FILES.txt&#8221; in the folder. The note threatens that the victim's files will be permanently deleted or published in the public domain if they refuse to pay the ransom or try to use third-party software to decrypt the files.</p>
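<p>The behaviors described above can be turned into a simple triage check. The following is an added example, not code from ASEC or the original article: it flags hosts where the MS-SQL process starts a command prompt or PowerShell, and hosts where .Fargo3 files or the ransom note appear. The event schema, the <code>sqlservr.exe</code> image name for the MS-SQL process and all sample events are assumptions constructed for illustration.</p>

```python
# Added example: triage endpoint events for the FARGO behaviors named in the article.
# The event schema (host/type/image/parent/path) is hypothetical; sample data is constructed.
from collections import defaultdict

SQL_PROCESS = "sqlservr.exe"            # assumed image name of the MS-SQL process
SHELLS = {"cmd.exe", "powershell.exe"}  # command prompt / PowerShell
RANSOM_EXT = ".fargo3"                  # extension given to encrypted files
RANSOM_NOTE = "recovery files.txt"      # ransom note file name
SQL_BIN = r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe"

SAMPLE_EVENTS = [  # constructed events, not real telemetry
    {"host": "db01", "type": "process", "parent": SQL_BIN,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"host": "db01", "type": "file", "path": r"D:\Data\orders.mdf.Fargo3"},
    {"host": "db01", "type": "file", "path": r"D:\Data\RECOVERY FILES.txt"},
    {"host": "db02", "type": "process", "parent": SQL_BIN,
     "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws03", "type": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
]

def basename(path):
    """Lower-cased final component of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(events):
    """Return {host: [(finding, evidence), ...]} for events matching the article."""
    findings = defaultdict(list)
    for ev in events:
        if ev["type"] == "process":
            # A shell under the SQL process can also be a legitimate admin job,
            # so this finding is a lead to investigate, not proof of infection.
            if basename(ev["parent"]) == SQL_PROCESS and basename(ev["image"]) in SHELLS:
                findings[ev["host"]].append(("sql_spawned_shell", ev["image"]))
        elif ev["type"] == "file":
            name = basename(ev["path"])
            if name == RANSOM_NOTE:
                findings[ev["host"]].append(("ransom_note", ev["path"]))
            elif name.endswith(RANSOM_EXT):
                findings[ev["host"]].append(("encrypted_file", ev["path"]))
    return dict(findings)

def severity(host_findings):
    """Collapse one host's findings into a single triage label."""
    kinds = {kind for kind, _ in host_findings}
    if not kinds.isdisjoint({"ransom_note", "encrypted_file"}):
        return "encryption-observed"
    return "investigate" if "sql_spawned_shell" in kinds else "clean"

if __name__ == "__main__":
    for host, found in triage(SAMPLE_EVENTS).items():
        print(host, severity(found), found)
```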