
'Malwareless' ransomware campaign operators pwned 83k victims' MySQL servers, 250k databases up for sale
2020-12-10 20:17

A "malwareless" ransomware campaign delivered from UK IP addresses targeting weak security controls around internet-facing SQL servers successfully pwned 83,000 victims, according to Israeli infosec biz Guardicore.

"The attack chain is extremely simple and exploits weak credentials on internet-facing MySQL servers," said Guardicore's Ophir Harpaz in a technical advisory today, estimating that there are around five million MySQL servers accessible from the public internet.

Once the database servers are compromised, the miscreants operating the campaign begin a so-called "double extortion" attack, threatening to publish data exfiltrated from the SQL silos unless victims pay a ransom; payment will also apparently lead to the restoration of that data.

Around 1.2 Bitcoins was deposited to wallet addresses mentioned in ransom notes seen by Guardicore's researchers, with a total of 250,000 breached databases being offered for sale.

"The website is a good example of a double extortion mechanism - it contains all leaked databases for which ransom was not paid. The website lists 250k different databases from 83k MySQL servers, with 7TB of stolen data. Up till now, captured 29 incidents of this variant, originating from 7 different IP addresses," added Harpaz.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/12/10/mysql_malwareless_ransomware/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mysql 7 17 72 9 7 105