Threat Actors Deploy FreeWorld Ransomware by Hijacking MSSQL Servers on DB Jammer

Tags: MSSQL, Cobalt Strike, DB#JAMMER, FreeWorld
Threat actors working as part of DB JAMMER attack campaigns are compromising exposed MSSQL databases using brute force attacks and appear to be well tooled and ready to deliver ransomware and Cobalt Strike payloads.

Indicators of Compromise

No domains found for this campaign

Campaign Guidance

Remediation, mitigation, notes, history and related intelligence

REMEDIATIONS:

  • Use strong passwords and rate limiting for login attempts when running internet-facing services.

  • Limit usage of the xp_cmdshell stored procedure in MSSQL environments.

  • Use VPN programs.

  • Monitor common malware staging directories, especially "C:\Windows\Temp", which was used in this attack campaign.
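
A detection sketch for the first two remediation items, added here as an example and not taken from the campaign report: it scans SQL Server ERRORLOG text for a run of failed logins from one client followed by a success, and for xp_cmdshell being switched on. It assumes login auditing records both failed and successful logins; the threshold of 5 and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

LOGIN = re.compile(r"Login (failed|succeeded) for user '([^']*)'.*\[CLIENT: ([^\]]+)\]")
XP_ON = re.compile(r"Configuration option 'xp_cmdshell' changed from 0 to 1")

def analyze(log_text, threshold=5):
    """Return findings as tuples; threshold is an assumed tuning value."""
    failures = defaultdict(int)          # consecutive failed logins per client address
    findings = []
    for line in log_text.splitlines():
        parts = line.split(None, 3)      # date, time, source, message
        if len(parts) < 4:
            continue
        ts, source, msg = f"{parts[0]} {parts[1]}", parts[2], parts[3]
        m = LOGIN.search(msg)
        if m:
            outcome, user, client = m.groups()
            if outcome == "failed":
                failures[client] += 1
            else:
                # A success right after many failures suggests a guessed password.
                if failures[client] >= threshold:
                    findings.append(("bruteforce_then_success", ts, user, client, failures[client]))
                failures[client] = 0
        elif XP_ON.search(msg):
            findings.append(("xp_cmdshell_enabled", ts, source))
    return findings

# Constructed sample in SQL Server ERRORLOG style (addresses are documentation ranges).
def _failed(sec, user, client):
    return (f"2023-09-01 03:10:{sec:02d}.10 Logon       Login failed for user '{user}'. "
            f"Reason: Password did not match that for the login provided. [CLIENT: {client}]")

def _ok(sec, user, client):
    return (f"2023-09-01 03:10:{sec:02d}.40 Logon       Login succeeded for user '{user}'. "
            f"Connection made using SQL Server authentication. [CLIENT: {client}]")

SAMPLE_LOG = "\n".join(
    [_failed(s, "sa", "203.0.113.7") for s in range(1, 7)]
    + [_ok(9, "sa", "203.0.113.7"),
       "2023-09-01 03:11:30.20 spid57      Configuration option 'xp_cmdshell' changed "
       "from 0 to 1. Run the RECONFIGURE statement to install.",
       _failed(40, "app", "198.51.100.20"),   # single mistyped password, then a normal login
       _ok(45, "app", "198.51.100.20")]
)

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The single failed login from the second client stays below the threshold and is not reported, which keeps ordinary mistyped passwords out of the findings.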

Observed Countries: 250
