Vollgar

By GoldSparrow in Backdoors

Internet-facing MS-SQL (Microsoft SQL Server) instances are once again being targeted by cybercriminals. In this campaign the attackers deploy a threat dubbed Vollgar. The intrusion technique is not sophisticated: instead of looking for vulnerabilities in outdated software, the attackers scan the Internet for any MS-SQL server that accepts connections, and when the scan finds one, Vollgar attempts to brute-force the login credentials. Unless the administrator of the targeted server has set a strong password, the brute-force attempt may succeed and hand the attackers control of the MS-SQL server.
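The brute-force stage described above leaves a very recognisable trail in the SQL Server ERRORLOG: a burst of error 18456 "Login failed for user" entries from one client address, and, if the guess succeeds and login auditing is on, a "Login succeeded" entry from that same address. The following Python is an added example written for this article, not code from the original post or from the Vollgar malware; the log lines are constructed in the real ERRORLOG format, the client addresses are documentation ranges, and the threshold (5 failures within 60 seconds) is an assumed tuning value.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in SQL Server ERRORLOG format (assumed values, not from a
# real incident): six failed 'sa' logins from one client in about 1.5 seconds,
# then a successful 'sa' login from that client, then one unrelated failure.
SAMPLE_ERRORLOG = """\
2020-04-01 10:15:22.12 Logon       Error: 18456, Severity: 14, State: 8.
2020-04-01 10:15:22.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.23]
2020-04-01 10:15:22.40 Logon       Error: 18456, Severity: 14, State: 8.
2020-04-01 10:15:22.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.23]
2020-04-01 10:15:22.71 Logon       Error: 18456, Severity: 14, State: 8.
2020-04-01 10:15:22.71 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.23]
2020-04-01 10:15:23.05 Logon       Error: 18456, Severity: 14, State: 8.
2020-04-01 10:15:23.05 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.23]
2020-04-01 10:15:23.33 Logon       Error: 18456, Severity: 14, State: 8.
2020-04-01 10:15:23.33 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.23]
2020-04-01 10:15:23.60 Logon       Error: 18456, Severity: 14, State: 8.
2020-04-01 10:15:23.60 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.23]
2020-04-01 10:15:24.02 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 198.51.100.23]
2020-04-01 10:16:01.00 Logon       Error: 18456, Severity: 14, State: 8.
2020-04-01 10:16:01.00 Logon       Login failed for user 'appsvc'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
"""

# Matches only the human-readable "Login failed/succeeded" lines; the paired
# "Error: 18456" lines carry no client address and are skipped.
LOGON_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) Logon\s+"
    r"Login (?P<outcome>failed|succeeded) for user '(?P<user>[^']+)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse_logon_events(text):
    """Return a list of {ts, outcome, user, client} dicts from ERRORLOG text."""
    events = []
    for line in text.splitlines():
        m = LOGON_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f"),
            "outcome": m.group("outcome"),
            "user": m.group("user"),
            "client": m.group("client"),
        })
    return events


def find_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window count of failed logins per client.

    Returns {client: max_failures_in_any_window} for clients that reached
    the threshold. Threshold and window are assumed tuning values.
    """
    failures = defaultdict(list)
    for e in events:
        if e["outcome"] == "failed":
            failures[e["client"]].append(e["ts"])
    offenders = {}
    for client, stamps in failures.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                offenders[client] = max(offenders.get(client, 0), count)
    return offenders


def successes_after_bruteforce(events, offenders):
    """Successful logins from a flagged client that came after its first failure.

    This is the 'guess succeeded' signal: treat it as a probable compromise.
    """
    first_failure = {}
    for e in events:
        if e["outcome"] == "failed" and e["client"] in offenders:
            first_failure.setdefault(e["client"], e["ts"])
    return [
        (e["client"], e["user"], e["ts"])
        for e in events
        if e["outcome"] == "succeeded"
        and e["client"] in offenders
        and e["ts"] > first_failure.get(e["client"], e["ts"])
    ]


if __name__ == "__main__":
    evs = parse_logon_events(SAMPLE_ERRORLOG)
    flagged = find_bruteforce(evs)
    for client, n in flagged.items():
        print(f"brute-force source {client}: {n} failures inside the window")
    for client, user, ts in successes_after_bruteforce(evs, flagged):
        print(f"PROBABLE COMPROMISE: '{user}' logged in from {client} at {ts}")
```

Run it against a real ERRORLOG (or the output of `xp_readerrorlog`) by replacing `SAMPLE_ERRORLOG`; successful logins only appear if the instance's login auditing is set to log both failed and successful logins, so a server that shows only the failure burst still deserves a look at who connected next.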

Once Vollgar manages to compromise the targeted MS-SQL server, it installs a Trojan backdoor on the system, which lets the attackers execute remote commands on the infected host. According to reports, the Vollgar campaign has been very active, infecting approximately 2,000 to 3,000 MS-SQL servers a day. The targeted servers belong to organizations in a range of industries, such as IT, healthcare and telecommunications.

As soon as the Trojan backdoor is successfully initialized, it will:

  • Run downloader scripts prepared before the attack that drop additional malicious payloads into several system folders, which makes the threat far harder to remove completely.
  • Run a script that terminates processes using too much computing power.
  • Disable any cryptomining software already present on the targeted system.
  • Deploy the attackers' own cryptocurrency miners and RATs (Remote Access Trojans) on the compromised system.

Most cryptocurrency miners deployed by cybercriminals mine Monero. Vollgar mines not only Monero but also a lesser-known cryptocurrency called Vollar. The malware may also use a keylogging module to collect sensitive data, is likely to inject additional malicious payloads into the infected system, and is likely able to manage the system's processes and collect information about the host's software and hardware.

Vollgar can cause a great deal of damage, and system administrators need to step up their game to keep their servers safe. Because the campaign relies entirely on guessing passwords for servers reachable from the Internet, strong, unique passwords for SQL logins and keeping the SQL Server port off the public Internet are the first line of defence.
