Ransomware actors behind the attack are currently selling at least compromised 250,000 databases.
PLEASE_READ_ME is the name of the database attackers create on the compromised MySQL server. And since this is an open-source relational database management system, the attack exploits weak credentials, using brute-force, erasing the content from the database, and leaving a brief note instead. The note is placed in a table named “WARNING” and demands up to 0.08BTC to be paid as ransom. The ransom note contains the following message “Your databases are downloaded and backed up on our servers. If we don’t receive your payment in the next 9 days, we will sell your database to the highest bidder or use them otherwise.”
The attack is very simple, using just a script to break into the database. A backdoor is also added for persistence and future access. The bad actors behind this attack managed to successfully attack 85000 servers.
Check the source.
- FBI: Business Email Compromise – a $43B ScamA new FBI report warns of a staggering spike in hacking activities using the Business Email Compromise technique (BEC), […]
- NVIDIA Confirms Employee Credentials And Proprietary Data Stolen During CyberattackNVIDIA confirmed the Lapsus$ cyberattack and the data leak that followed, saying it first became aware of the security […]
- FoxBlade Trojan Hit Ukraine Right Before The 24 Feb Devastating Russian InvasionMicrosoft discovered an attack using the FoxBlade malware that had compromised Ukrainian systems just hours before Russia’s massive and […]
- Anonymous Group Sides With Ukraine And Declares Cyberwar On RussiaThe hacker collective known as the Anonymous group announced its support to Ukraine. It defied Vladimir Putin by taking […]
- Phishing Attacks Against Those Who Help Ukrainian RefugeesCybercriminals used a compromised military email address to launch phishing attacks targeting EU personnel aiding Ukrainian citizens who had […]