Ransomware actors behind the attack are currently selling at least compromised 250,000 databases.
PLEASE_READ_ME is the name of the database attackers create on the compromised MySQL server. And since this is an open-source relational database management system, the attack exploits weak credentials, using brute-force, erasing the content from the database, and leaving a brief note instead. The note is placed in a table named “WARNING” and demands up to 0.08BTC to be payed as ransom. The ransome note contains the following message “Your databases are downloaded and backed up on our servers. If we dont receive your payment in the next 9 Days, we will sell your database to the highest bidder or use them otherwise.”
The attack is very simple, using just a script to break into the database. A backdoor is also added for persistence and future access. The bad actors behind this attack, managed to successfully attack 85000 servers.
Check the source.
- Stolen Credentials Used In Data Theft At The United Nations On April 5In a rather bold data theft attack, threat actors used stolen credentials to hack into the United Nations’ proprietary […]
- CERT-RO Warns Of A New Instagram Phishing CampaignSocial media has caught the eye of bad guys, who prey on any opportunity to go phishing. A new […]
- Emerging New Android Trojan Worries ExpertsA new Android trojan appeared in August and caught researchers’ attention with its bold roadmap (think ransomware, DDoS). Experts […]
- WhatsApp Bug Allows Sensitive Data To Be StolenResearchers discovered a new WhatsApp bug hidden in its pic-retouching function that could allow an attacker to steal sensitive […]
- Scammers Use New Phishing Strategy To Steal Your PasswordsPay close attention to email links, because they might not send you where you expect. Attackers found a new […]