Sign in / up

back to article SQL Server admins warned about Fargo ransomware

Organizations are being warned about a wave of attacks targeting Microsoft SQL Server with ransomware known as Fargo, which encrypts files and threatens victims that their data may be published online if they do not pay up. The warning comes in a blog posting from analysts at the AhnLab Security Emergency Response Center (ASEC …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. richardcox13

    Changing Passwords is NOT good practice

    and change them periodically to protect the database server from brute force attacks and dictionary attacks, which any IT pro worth their name will have been doing already

    This goes against best practice, and only helps if your password later appears in password lists: which is won't if it was good enough in the first place (20+ chards from random password generator) and not reuse.

    Just repeating this bad advice makes me question the source.

    NCSC: https://www.ncsc.gov.uk/blog-post/problems-forcing-regular-password-expiry

    6 0 Reply
    1. richardcox13
      Reply Icon

      Re: Changing Passwords is NOT good practice

      Edit: "blokequote" seems a thing that HTML shouldn't have, so I'm glad that didn't work!

      1 0 Reply
      1. Michael Wojcik Silver badge
        Reply Icon

        Re: Changing Passwords is NOT good practice

        Dude, the vast majority of HTML is composed of blokequotes.

        0 0 Reply
  2. Lorribot

    Its a SQL server not a web server

    Might just be me but "a Fargo attack starts with the SQL Server process on a compromised machine being used to download a .net file via the cmd.exe and powershell.exe consoles" would seem to indicate that the best course of action is to not allow your SQL servers access to anything on the internet.

    I am sure someone will point me to a valid reason but personally I am at a loss.

    4 0 Reply
  3. that one in the corner Silver badge

    "it used the file extension .mallox"

    So now I find myself cheering on it the Bad Guys, who can be bothered to learn that it has been a long time since file name extensions were restricted to three or less characters.

    Looking at the current darling of the programming world who decided to use .rs instead of .rust, just as the latest example.

    And the Bad Guys even know you can append extra extensions, like myfile.txt.fargo3, which could open so many avenues if more people knew about it (see more in the file rants.markdown.txt)

    2 0 Reply
  4. Auntie Dix Bronze badge
    Meh

    Reaching for the Maalox

    Clearly, the file-extension-misspelling fiends know that they cause acid indigestion and have stock in the company that owns the remedy.

    2 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like