The old tricks come with a new twist: the attackers turn off host firewalls and move laterally across the network.
Cybercriminals are distributing Cobalt Strike and the FreeWorld ransomware through poorly secured MS-SQL servers. Researchers at Securonix, who reported the campaign, have given it the codename "DB#Jammer".
According to the researchers, the attackers first gain access to a vulnerable server by brute-forcing its password, then use it to install malware and gather information about the victim's network. Next, they disable the firewall and connect to remote resources to download additional tools, such as Cobalt Strike.
Once on the compromised hosts, the attackers move laterally across the network, installing the legitimate AnyDesk remote access program and then the FreeWorld ransomware. They also reportedly attempted, without success, to establish persistent remote access through the Ngrok service.
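The sequence described above (a burst of failed MS-SQL logins, a successful login from the same client, and the host firewall being switched off shortly afterwards) is easy to correlate in logs. The following detection script is an added example and is not part of the Securonix report or the original article; the log lines are constructed to mimic SQL Server ERRORLOG entries and a host firewall state-change record, and the thresholds (5 failures in 5 minutes, 30-minute follow-up window) are assumptions to be tuned per environment.

```python
"""Correlate brute-force MS-SQL logins with a subsequent firewall-disable event.

Added example; not the original article's or Securonix's code. Log formats and
thresholds below are assumptions, not values taken from the report.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the report). SQL lines mimic SQL Server
# ERRORLOG "Logon" entries; the last line mimics a firewall audit record.
SAMPLE_LOG = """\
2023-09-01 10:00:01.10 Logon Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 203.0.113.7]
2023-09-01 10:00:01.35 Logon Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 203.0.113.7]
2023-09-01 10:00:01.60 Logon Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 203.0.113.7]
2023-09-01 10:00:01.85 Logon Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 203.0.113.7]
2023-09-01 10:00:02.10 Logon Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 203.0.113.7]
2023-09-01 10:00:02.40 Logon Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
2023-09-01 10:07:15.00 Logon Login failed for user 'app_ro'. Reason: Password did not match. [CLIENT: 10.0.0.5]
2023-09-01 10:11:42.00 Firewall Windows Firewall profile 'Public' state changed to OFF
"""

FAILED_RE = re.compile(r"^(\S+ \S+) Logon Login failed for user '([^']+)'.*\[CLIENT: ([\d.]+)\]")
SUCCESS_RE = re.compile(r"^(\S+ \S+) Logon Login succeeded for user '([^']+)'.*\[CLIENT: ([\d.]+)\]")
FIREWALL_OFF_RE = re.compile(r"^(\S+ \S+) Firewall .*state changed to OFF")


def parse_ts(text):
    """Parse the 'YYYY-MM-DD HH:MM:SS.ff' timestamp used in the sample lines."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f")


def detect(log_text, threshold=5, window=timedelta(minutes=5), followup=timedelta(minutes=30)):
    """Return a list of (timestamp, severity, message) alerts.

    Rules (thresholds are assumptions):
      1. brute_force: at least `threshold` failed logins from one client inside `window`.
      2. brute_force_success: a successful login from a client already flagged by rule 1.
      3. firewall_off_after_brute_force: firewall disabled within `followup` of a rule-1 hit;
         a firewall-off event with no preceding brute force is still reported at medium severity.
    """
    alerts = []
    failures = defaultdict(deque)  # client IP -> timestamps of recent failed logins
    flagged = {}                   # client IP -> time it was first flagged
    last_flag_time = None

    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts, user, client = parse_ts(m.group(1)), m.group(2), m.group(3)
            recent = failures[client]
            recent.append(ts)
            while recent and ts - recent[0] > window:   # keep only failures inside the window
                recent.popleft()
            if len(recent) >= threshold and client not in flagged:
                flagged[client] = ts
                last_flag_time = ts
                alerts.append((ts, "high",
                               f"brute_force: {len(recent)} failed logins for '{user}' from {client}"))
            continue

        m = SUCCESS_RE.match(line)
        if m:
            ts, user, client = parse_ts(m.group(1)), m.group(2), m.group(3)
            if client in flagged:
                alerts.append((ts, "critical",
                               f"brute_force_success: login as '{user}' from {client} after brute force"))
            continue

        m = FIREWALL_OFF_RE.match(line)
        if m:
            ts = parse_ts(m.group(1))
            if last_flag_time is not None and ts - last_flag_time <= followup:
                alerts.append((ts, "critical",
                               "firewall_off_after_brute_force: host firewall disabled after brute-force login"))
            else:
                alerts.append((ts, "medium", "firewall_off: host firewall disabled"))
    return alerts


if __name__ == "__main__":
    for ts, severity, message in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} [{severity}] {message}")
```

Run against the constructed sample, the script raises three alerts: the brute-force burst against `sa`, the successful login from the same client, and the firewall-disable event inside the follow-up window. The single failure from `10.0.0.5` stays below threshold and produces nothing, which is the point of the sliding window: ordinary mistyped passwords should not page anyone.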
To reduce the risk of such attacks, experts advise organizations to strengthen their security posture. In particular, it is important to use strong, complex passwords, update software regularly, back up data, and educate staff about basic cyber hygiene.
It is also critical to apply vulnerability patches promptly and keep anti-malware software up to date. A comprehensive information security strategy remains the best defense against ransomware and other online threats.