Trigona Ransomware Targets Weakly Configured Microsoft SQL Servers

Trigona ransomware operators are targeting unsecured and internet-exposed Microsoft SQL (MS-SQL) servers, discovered AhnLab. They breach servers via brute-force attacks to crack account credentials. Before encryption, the attackers claim to steal sensitive documents that will be added to dark web leak sites if the ransom is not paid.