A campaign named DB#JAMMER is utilizing poorly secured MS SQL servers to distribute Cobalt Strike and a ransomware strain called FreeWorld. Cybersecurity firm Securonix revealed that the attackers gain initial access by brute-forcing the MS SQL server, followed by reconnaissance, system firewall impairment, and establishing persistence.