Threat actors are launching a sophisticated campaign known as DB#JAMMER, where they exploit vulnerable Microsoft SQL (MS SQL) servers to deploy both Cobalt Strike and a newly identified ransomware strain called FreeWorld. This campaign, as identified by cybersecurity firm Securonix, is notable for its extensive toolset, including enumeration software, RAT payloads, exploitation tools, credential theft software, and the FreeWorld ransomware.
Furthermore, these attackers initially gain access through brute-force attacks on MS SQL servers, underscoring the importance of robust password security. They then proceed to compromise systems, eventually deploying FreeWorld ransomware through lateral movement and malicious tool distribution.
This surge in ransomware attacks coincides with the emergence of new strains like Rhysida, which encrypts and exfiltrates sensitive data, leveraging it as leverage for payment.
Additionally, there’s been a recent release of a free decryptor for Key Group ransomware, taking advantage of cryptographic errors, although it’s effective only for samples compiled after August 3, 2023. The year 2023 has witnessed a significant increase in ransomware incidents, even though the percentage of victims paying has decreased to a record low of 34%. Notably, the average ransom amount paid has risen sharply to $740,144, reflecting the evolving tactics of ransomware threat actors.
As ransomware actors continue to refine their techniques, they have even begun sharing details of their attacks to challenge the eligibility of victims for cyber insurance payouts. This evolving landscape calls for heightened cybersecurity measures, emphasizing the importance of strong passwords, regular updates, and robust security practices to counter these sophisticated threats.