Thousands of MySQL databases are potential victims to a ransom attack that appears to be an evolution of the MongoDB ransack campaign observed a couple months ago.As part of the attack, unknown actors are brute forcing poorly secured MySQL servers, enumerate existing databases and their tables, stealing them, and creating a new table to instruct owners to pay a 0.2 Bitcoin (around $200) ransom. Paying, the attackers claim, would provide owners with access to their data, but that’s not entirely true, as some databases are deleted without being stolen.
Attackers were observed overwriting each other’s ransom notes on the targeted databases, and were no longer copying the original data, but simply deleting it. Victims couldn’t retrieve their data even if they paid the ransom.Now, MySQL databases are under fire: using online tools, actors search for servers secured with very weak passwords, brute force them to gain access, then replace the databases with their own table containing a ransom note
http://www.securityweek.com/mysql-databases-targeted-new-ransom-attacks
Leave a Reply
You must be logged in to post a comment.