Ransomware actors behind the attack are currently selling at least compromised 250,000 databases.
PLEASE_READ_ME is the name of the database attackers create on the compromised MySQL server. And since this is an open-source relational database management system, the attack exploits weak credentials, using brute-force, erasing the content from the database, and leaving a brief note instead. The note is placed in a table named “WARNING” and demands up to 0.08BTC to be payed as ransom. The ransom note contains the following message “Your databases are downloaded and backed up on our servers. If we dont receive your payment in the next 9 Days, we will sell your database to the highest bidder or use them otherwise.”
The attack is very simple, using just a script to break into the database. A backdoor is also added for persistence and future access. The bad actors behind this attack, managed to successfully attack 85000 servers.
Check the source.
- Users of popular crypto app Maiar are targetted by SMiShingMaiar is a digital crypto wallet and global payments app that allows users to exchange and securely store money […]
- PHOBOS Ransomware Attack Hits Romanian Hospital on July 22A ransomware attack targeted Witting Clinical Hospital in Bucharest. Hackers took control of the healthcare provider’s servers, encrypted the […]
- 740 Ransomware Victims Listed On Data Leak Sites in Q2 2021, New Report ShowsA new report from Digital Shadow highlights the worrying information that the number of ransomware victims named on data […]
- Kaseya Gets Universal Decryptor for REvil RansomwareThe decryptor vendor will work closely with customers affected by this July’s outbreak of ransomware attacks to help recover […]
- Possibly the Highest Ransomware Payment Ever: CNA reportedly paid $40 million to hackersOne of the biggest US insurance companies, CNA, paid a ransom worth $40 million to attackers after a massive […]