SQL Server admins warned about Fargo ransomware Organizations are being warned about a wave of attacks targeting Microsoft SQL Server with ransomware known as Fargo, which encrypts files and threatens victims that their data may be published online if they do not pay up. The warning comes in a blog posting from analysts at the AhnLab Security Emergency Response Center (ASEC …
and change them periodically to protect the database server from brute force attacks and dictionary attacks, which any IT pro worth their name will have been doing already
This goes against best practice, and only helps if your password later appears in password lists: which is won't if it was good enough in the first place (20+ chards from random password generator) and not reuse.
Just repeating this bad advice makes me question the source.
NCSC: https://www.ncsc.gov.uk/blog-post/problems-forcing-regular-password-expiry
Might just be me but "a Fargo attack starts with the SQL Server process on a compromised machine being used to download a .net file via the cmd.exe and powershell.exe consoles" would seem to indicate that the best course of action is to not allow your SQL servers access to anything on the internet.
I am sure someone will point me to a valid reason but personally I am at a loss.
So now I find myself cheering on it the Bad Guys, who can be bothered to learn that it has been a long time since file name extensions were restricted to three or less characters.
Looking at the current darling of the programming world who decided to use .rs instead of .rust, just as the latest example.
And the Bad Guys even know you can append extra extensions, like myfile.txt.fargo3, which could open so many avenues if more people knew about it (see more in the file rants.markdown.txt)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
