It has been reported that the attackers used the botnet, active since 2018, to exploit the BlueKeep and EternalBlue vulnerabilities, and also gained access through a Trojan known as Gh0st, which relies on remote access malware.
Once the SQL server database is infected, the botnet installs a well-known crypto miner called XMRig, which mines Monero (XMR).
Cybersecurity firm Sophos says that hackers managed to exploit vulnerable Microsoft SQL server databases to install crypto mining apps https://t.co/Bn1pEGFswu — Cointelegraph (@Cointelegraph) June 10, 2020
In May, Sophos revealed new details of a Ragnar Locker ransomware attack, which runs a virtual machine on target computers in order to infect them with the ransomware, as this places the attack beyond the reach of the computer’s local antivirus software.
Thus, researchers from Sophos believe that it could escalate to a significant size.
Sophos is a British cybersecurity firm that develops products for communication endpoint, encryption, network security, e-mail security, mobile security, and unified threat management. The firm is primarily focused on providing security software to the mid-market and pragmatic enterprise from 100- to 5,000-seat organizations.