Ransomware actors behind the attack are currently selling at least compromised 250,000 databases.
PLEASE_READ_ME is the name of the database attackers create on the compromised MySQL server. And since this is an open-source relational database management system, the attack exploits weak credentials, using brute-force, erasing the content from the database, and leaving a brief note instead. The note is placed in a table named “WARNING” and demands up to 0.08BTC to be payed as ransom. The ransom note contains the following message “Your databases are downloaded and backed up on our servers. If we dont receive your payment in the next 9 Days, we will sell your database to the highest bidder or use them otherwise.”
The attack is very simple, using just a script to break into the database. A backdoor is also added for persistence and future access. The bad actors behind this attack, managed to successfully attack 85000 servers.
Check the source.
Read More
- 85K MySQL Servers were hit by PLEASE_READ_ME RansomwareChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
- The new Silver Sparrow malware infected 30,000 MacsChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
- Investment Scammers try to trick Dating App UsersChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
- LodaRAT Windows Malware affects Android DevicesChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
- Cyberpunk 2077 Publishers has suffered a ransomware attackChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.