85k MySQL servers attacked by PLEASE_READ_ME ransomware

85,000 MySQL servers were attacked by ransomware which compromised at least 250,000 databases.

Researchers have alerted users around the world about ransomware dubbed “PLEASE_READ_ME”. The ransomware has successfully compromised 85k MySQL servers, and the stolen data has been posted for sale on the internet.

The attack exploits weak credentials on internet-facing MySQL servers: the attackers use brute force to obtain the servers' credentials. MySQL is an open-source database management platform that is widely used around the globe.

After the successful attack, the targeted data is archived in a zipped file which is sent to the attackers’ servers and then deleted from the database. The hackers leave a ransom note stating that if the victim fails to pay the demanded ransom, compromised data will either be sold or used otherwise.

The attack is simple yet dangerous, as it is almost fileless. No binary payloads are involved in the attack; there is only a simple script that breaks into the database, steals information, and leaves a message.
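The brute-force stage described above shows up on the server as a burst of failed logins from one source. The following Python script is an added example, not part of the original article or the researchers' work: it flags such bursts in MySQL error log text. The log lines are constructed, and the threshold, the time window and the assumption that failed logins are being logged (`log_error_verbosity=3`) are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the style of the MySQL error log.
# Assumption: failed logins are logged (log_error_verbosity=3).
SAMPLE_LOG = """\
2020-12-10T08:15:01.100000Z 11 [Note] Access denied for user 'root'@'203.0.113.5' (using password: YES)
2020-12-10T08:15:02.100000Z 12 [Note] Access denied for user 'root'@'203.0.113.5' (using password: YES)
2020-12-10T08:15:03.100000Z 13 [Note] Access denied for user 'admin'@'203.0.113.5' (using password: YES)
2020-12-10T08:15:04.100000Z 14 [Note] Access denied for user 'admin'@'203.0.113.5' (using password: YES)
2020-12-10T08:15:05.100000Z 15 [Note] Access denied for user 'mysql'@'203.0.113.5' (using password: YES)
2020-12-10T08:15:06.100000Z 16 [Note] Access denied for user 'root'@'203.0.113.5' (using password: YES)
2020-12-10T08:20:00.000000Z 17 [Note] Aborted connection 17 to db: 'shop' user: 'app' host: '198.51.100.7' (Got an error reading communication packets)
2020-12-10T08:30:00.000000Z 18 [Note] Access denied for user 'app'@'198.51.100.7' (using password: YES)
2020-12-10T09:45:00.000000Z 19 [Note] Access denied for user 'app'@'198.51.100.7' (using password: YES)
"""

# Timestamp at line start, then the failed-login message with user and source.
DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.\d+Z .*"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'"
)

def find_bruteforce(log_text, threshold=5, window_s=60):
    """Return {source: sorted usernames tried} for each source that has
    at least `threshold` failed logins inside any `window_s` seconds."""
    recent = defaultdict(deque)   # source -> timestamps inside the window
    users = defaultdict(set)      # source -> every username it tried
    flagged = set()
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if not m:
            continue              # not a failed-login line
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        host = m["host"]
        users[host].add(m["user"])
        q = recent[host]
        q.append(ts)
        # Drop failures that have slid out of the window.
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(host)
    return {h: sorted(users[h]) for h in flagged}

if __name__ == "__main__":
    for source, tried in find_bruteforce(SAMPLE_LOG).items():
        print(f"possible brute force from {source}: users tried {tried}")
```

A slow, occasional failure such as the application account in the sample stays below the threshold, while a rapid run across several account names is reported with the names that were tried.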

NPAV recommends that users use strong passwords to protect their data and servers. Using good combinations of special characters, letters and numbers is always helpful. Install NPAV on your devices to keep them protected from all kinds of cyberattacks.

Use NPAV and join us on a mission to secure the cyber world.
