"Microsoft SQL Servers Hacked to Deploy Trigona Ransomware"

Hackers are breaking into poorly protected, Internet-exposed Microsoft SQL (MS-SQL) servers to deploy Trigona ransomware and encrypt all files. The servers are compromised through brute-force or dictionary attacks that take advantage of easy-to-guess account credentials. After connecting to a server, the threat actors deploy malware that researchers from the South Korean cybersecurity company AhnLab, who discovered the attacks, call CLR Shell. This malware collects system information, modifies the compromised account's configuration, and escalates privileges to LocalSystem by exploiting a flaw in the Windows Secondary Logon Service, which is required to launch the ransomware as a service. This article continues to discuss the hacking of MS-SQL servers to deploy Trigona ransomware payloads.

Bleeping Computer reports "Microsoft SQL Servers Hacked to Deploy Trigona Ransomware"
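
For defenders, the password-guessing stage summarized above leaves a trail in the SQL Server error log. The Python function below is an added example, not code from the Bleeping Computer article or from AhnLab: it flags clients with a burst of failed logins and records a successful login that follows. The function name, threshold, window, and the constructed sample lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the SQL Server error log layout (not real data).
SAMPLE_LOG = """\
2023-04-17 02:10:01.11 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2023-04-17 02:10:02.11 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2023-04-17 02:10:03.11 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.7]
2023-04-17 02:10:04.11 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2023-04-17 02:10:05.11 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2023-04-17 02:10:06.11 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2023-04-17 02:10:09.11 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
2023-04-17 09:00:00.11 Logon       Login failed for user 'app_user'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
2023-04-17 09:00:20.11 Logon       Login succeeded for user 'app_user'. Connection made using SQL Server authentication. [CLIENT: 198.51.100.20]
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)

def find_guessing(log_text, threshold=5, window=timedelta(minutes=10)):
    """Flag clients with >= threshold failed logins inside `window` and note
    the first login that succeeds from the same client afterwards."""
    failures = defaultdict(list)  # client -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        client = m["client"]
        if m["result"] == "failed":
            # Keep only failures still inside the sliding window.
            recent = [t for t in failures[client] if ts - t <= window] + [ts]
            failures[client] = recent
            if len(recent) >= threshold:
                a = alerts.setdefault(client, {"failures": 0, "login_after_guessing": None})
                a["failures"] = max(a["failures"], len(recent))
        elif client in alerts and alerts[client]["login_after_guessing"] is None:
            # A success after a flagged burst suggests a guessed password.
            alerts[client]["login_after_guessing"] = m["user"]
    return alerts

if __name__ == "__main__":
    print(find_guessing(SAMPLE_LOG))
```

Successful logins appear in the error log only when the server's login auditing is set to record both failed and successful logins; with failed-only auditing the function still flags the guessing burst but cannot report the follow-up login.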
