Security News > 2024 > January > Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot
Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning.
Spurred by a recent tweet in which the poster shared that their accidentally exposted PostgreSQL server was "Immediately" compromised and wiped, Border0 researchers wanted to see whether and how quickly a simple PostgreSQL server - accessible from anywhere on the Internet by using the postgres username and the password password - would be targeted by the same bot once they exposed it online.
After deleting PostgreSQL databases, the attackers ask for 0.007 BTC. The ransom is 0.017 BTC if the bot wiped MySQL databases.
There is no lack of publicly accessible PostgreSQL and MySQL servers out there, easily discoverable via search engines like Shodan, Border0 researchers noted.
This type of automated attack against poorly secured database servers has been going on for years.
Security researcher Kevin Beaumont says that MariaDB databases are also targeted this time around.
News URL
https://www.helpnetsecurity.com/2024/01/18/postgresql-mysql-ransomware-bot/