Trigona Ransomware targets Microsoft SQL servers


Threat actors are hacking into poorly secured and public-facing Microsoft SQL servers to deploy Trigona ransomware.

Trigona is a malware strain that was discovered in October 2022, and Palo Alto Unit 42 researchers reported similarities between Trigona and the CryLock ransomware.

Trigona is written in Delphi. It encrypts files regardless of their extension and appends the “._locked” extension to the names of encrypted files.

The attackers launch brute-force or dictionary attacks against the server in an attempt to guess account credentials.
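
A defender can spot this kind of password guessing in the SQL Server error log. The following is an added example, not code from the article or from the researchers it cites: it scans "Login failed" entries in the ERRORLOG format and flags client addresses with many failures in a short time. The sample log lines are constructed, the threshold and window are illustrative assumptions, and it assumes failed-login auditing is enabled on the server.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the SQL Server ERRORLOG failed-login format.
SAMPLE_LOG = """\
2023-04-18 10:15:01.10 Logon       Error: 18456, Severity: 14, State: 8.
2023-04-18 10:15:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-04-18 10:15:03.42 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-04-18 10:15:05.77 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.5]
2023-04-18 10:15:08.03 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-04-18 10:15:10.91 Logon       Login failed for user 'test'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.5]
2023-04-18 10:20:44.18 Logon       Login failed for user 'reports'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
2023-04-18 11:02:12.50 Logon       Login failed for user 'reports'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
"""

# Timestamp, login name and client address of one failed-login entry.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]"
)

def parse_failures(log_text):
    """Yield (timestamp, user, client) for every failed-login line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["user"], m["client"]

def find_guessing_sources(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {client: logins tried} for clients with >= threshold failures in any window."""
    by_client = defaultdict(list)
    for ts, user, client in parse_failures(log_text):
        by_client[client].append((ts, user))
    flagged = {}
    for client, events in by_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[client] = sorted({user for _, user in events})
                break
    return flagged

if __name__ == "__main__":
    for client, users in find_guessing_sources(SAMPLE_LOG).items():
        print(f"{client}: repeated failed logins, accounts tried: {users}")
```

Several different login names tried from one address, as in the flagged sample client, is a stronger sign of a dictionary attack than repeated failures on a single account.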
