Ransomware actors behind the attack are currently selling at least 250,000 compromised databases.
PLEASE_READ_ME is the name of the database the attackers create on the compromised MySQL server. MySQL is an open-source relational database management system; the attack exploits weak credentials by brute force, erases the content of the database, and leaves a brief note instead. The note is placed in a table named “WARNING” and demands up to 0.08 BTC to be paid as ransom. The ransom note contains the following message: “Your databases are downloaded and backed up on our servers. If we dont receive your payment in the next 9 Days, we will sell your database to the highest bidder or use them otherwise.”
The attack is very simple, using just a script to break into the database. A backdoor is also added for persistence and future access. The bad actors behind this attack managed to successfully attack 85,000 servers.
Check the source.
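The sequence described above (repeated failed logins, erased data, then a PLEASE_READ_ME database with a WARNING table) can be looked for in MySQL logs. The following is an added example, not code from the original report: the log lines are constructed and only loosely modelled on MySQL error-log and general-query-log entries, and the function name `scan` and the threshold of 5 failures are assumptions.

```python
import re
from collections import Counter

# Failed logins as MySQL words them: Access denied for user 'u'@'host'
FAILED = re.compile(r"Access denied for user '[^']*'@'([^']+)'")
# Indicators named in the report: database PLEASE_READ_ME, table WARNING
NOTE_DB = re.compile(r"\bPLEASE_READ_ME\b", re.I)
NOTE_TABLE = re.compile(r"\bCREATE\s+TABLE\s+(?:[`\w]+\.)?`?WARNING\b", re.I)
# Statements that erase content
DROP = re.compile(r"\bDROP\s+(?:DATABASE|SCHEMA|TABLE)\b", re.I)

def scan(lines, threshold=5):
    """Return brute-force source hosts and the line numbers of
    ransom-note and destructive statements (threshold is an assumption)."""
    failures = Counter()
    found = {"brute_force_hosts": [], "ransom_note": [], "destructive": []}
    for n, line in enumerate(lines, 1):
        m = FAILED.search(line)
        if m:
            failures[m.group(1)] += 1
        elif NOTE_DB.search(line) or NOTE_TABLE.search(line):
            found["ransom_note"].append(n)
        elif DROP.search(line):
            found["destructive"].append(n)
    found["brute_force_hosts"] = sorted(
        h for h, c in failures.items() if c >= threshold)
    return found

# Constructed sample log (documentation IP ranges, invented schema names).
SAMPLE = [
    "2020-12-10T10:00:0%dZ 11 [Note] Access denied for user 'root'"
    "@'203.0.113.7' (using password: YES)" % i for i in range(6)
] + [
    "2020-12-10T10:00:30Z 13 [Note] Access denied for user 'app'"
    "@'198.51.100.4' (using password: YES)",
    "2020-12-10T10:01:00Z 12 Connect root@203.0.113.7 on  using TCP/IP",
    "2020-12-10T10:01:05Z 12 Query DROP DATABASE shop",
    "2020-12-10T10:01:06Z 12 Query CREATE DATABASE PLEASE_READ_ME",
    "2020-12-10T10:01:07Z 12 Query CREATE TABLE PLEASE_READ_ME.WARNING"
    " (id INT, note TEXT)",
]

if __name__ == "__main__":
    for key, value in scan(SAMPLE).items():
        print(key, value)
```

A single failed login from 198.51.100.4 stays below the threshold, so only the host with repeated failures is reported.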