DB#JAMMER is Targeting Poorly Secured SQL Servers
SQL Server is being targeted again. This attack, called DB#JAMMER, is aimed at poorly secured SQL Servers.
What’s happening?
Attackers begin by brute-forcing their way into poorly secured SQL Servers. Once they have gained access, they use xp_cmdshell to deploy tools. They manipulate the firewall, if needed, and transfer files to and from the infected server. They may deploy AnyDesk or use RDP to gain more access. Eventually, they launch several different payloads, including a new Mimic ransomware variant called “FreeWorld.”
The FreeWorld ransomware encrypts data on infected systems and demands a ransom payment in exchange for the decryption key. The ransomware also includes a ransom note that threatens to publish the victim’s stolen data if the ransom is not paid.
Protecting your SQL Server from DB#JAMMER
This, of course, isn’t the first time SQL Server has been attacked. MrbMiner, Vollgar, and many others have come before. But it’s the latest not-so-gentle reminder that Microsoft SQL Servers are a popular target for ransomware attacks.
So, what should you do?
Protecting your SQL Servers from Ransomware
Unfortunately, ransomware is a real, never-ending problem that every company with a computer faces. And because ransomware is continually evolving and getting more sophisticated, protecting your environment from it is also a continual process.
Here are six things that will help protect your SQL Server.
- Regularly update SQL Server and the Operating System
- Implement robust authentication and access controls
- Implement network segmentation
- Reduce SQL Server components
- Use a secure backup strategy
- Educate employees on security best practices
You can read more about each of these steps here – Protecting SQL Server from Ransomware.
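The attack described above depends on two things a DBA can check directly: SQL logins with guessable passwords, and an enabled xp_cmdshell. The following read-only T-SQL audit is an added example, not part of the original post. It assumes sysadmin rights on the instance and that failed-login auditing is enabled; the temp table name #errlog is arbitrary.

```sql
-- Added example: read-only audit of the settings the DB#JAMMER chain relies on.
-- Assumes sysadmin rights on the instance under review; changes no settings.

-- 1. xp_cmdshell: value_in_use = 1 means T-SQL can run operating system commands.
SELECT name, CAST(value_in_use AS int) AS value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. Authentication mode: 1 = Windows only, 0 = mixed mode (SQL logins accepted).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 3. Enabled SQL logins, i.e. the accounts password guessing can target,
--    with their policy flags and whether each one is a sysadmin.
SELECT sl.name,
       sl.is_policy_checked,
       sl.is_expiration_checked,
       IS_SRVROLEMEMBER('sysadmin', sl.name)      AS is_sysadmin,
       LOGINPROPERTY(sl.name, 'BadPasswordCount') AS bad_password_count,
       LOGINPROPERTY(sl.name, 'BadPasswordTime')  AS last_bad_password
FROM sys.sql_logins AS sl
WHERE sl.is_disabled = 0
  AND sl.name NOT LIKE N'##%'   -- skip internal certificate-mapped logins
ORDER BY is_sysadmin DESC, sl.is_policy_checked;

-- 4. Enabled SQL logins whose password is blank or equal to the login name.
SELECT name
FROM sys.sql_logins
WHERE is_disabled = 0
  AND (PWDCOMPARE(N'', password_hash) = 1
       OR PWDCOMPARE(name, password_hash) = 1);

-- 5. Failed logins in the current error log, grouped by client address.
--    One address with a high count in a short window suggests password guessing.
CREATE TABLE #errlog (LogDate datetime, ProcessInfo nvarchar(64), [Text] nvarchar(4000));
INSERT INTO #errlog EXEC sys.sp_readerrorlog 0, 1, N'Login failed';

SELECT SUBSTRING(e.[Text], p.pos + 9,
                 CHARINDEX(N']', e.[Text], p.pos) - p.pos - 9) AS client,
       COUNT(*)       AS failed_logins,
       MIN(e.LogDate) AS first_seen,
       MAX(e.LogDate) AS last_seen
FROM #errlog AS e
CROSS APPLY (SELECT CHARINDEX(N'[CLIENT: ', e.[Text]) AS pos) AS p
WHERE p.pos > 0
GROUP BY SUBSTRING(e.[Text], p.pos + 9,
                   CHARINDEX(N']', e.[Text], p.pos) - p.pos - 9)
ORDER BY failed_logins DESC;

DROP TABLE #errlog;
```

Any row returned by query 4, and any sysadmin SQL login with is_policy_checked = 0 in query 3, is worth reviewing first.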
Applying SQL Server security best practices
Protecting your SQL Server from the likes of DB#JAMMER and other ransomware attacks is part of a much broader, multi-layered approach to data and network security. Unfortunately, it’s also a frequently overlooked part.
To protect your SQL Server environment, consider these four aspects.
- How to secure your SQL Server instance and network
- How to secure your SQL Server databases and objects
- How to secure your SQL Server users and roles
- How to secure your SQL Server backups and audits
Here’s a resource that elaborates on each of these areas – SQL Server Security Best Practices.
Need some help securing your SQL Server?
Here are some additional resources that may help as you review your SQL Server security posture.
- Securing Your SQL Servers, What Should You Audit?
- Who Has sysadmin Access to your SQL Servers?
- Why is it important to monitor SQL Server?
- Do I Still Need a SQL Server Health Check?
If you need help with securing your SQL Servers, let’s talk. A SQL Server Health Check can help identify gaps in security, reliability, and overall performance.