A quarter of a million databases stolen from tens of thousands of breached MySQL servers remain available for sale on the dark web, according to security researchers at Guardicore Labs.
The attackers are believed to have obtained 7TB of stolen data through the PLEASE_READ_ME ransomware campaign, which has successfully compromised around 83,000 MySQL database servers.
PLEASE_READ_ME has reportedly been active since January 2020, attacking weak credentials on internet-facing MySQL servers.
Since then, the Guardicore Global Sensors Network (GGSN) has recorded 92 attacks, with numbers rising sharply in October. According to Guardicore researchers, the attacks originated from 11 distinct IP addresses, most of which were located in the UK and Ireland.
The campaign is untargeted: it attempts to infect any of the roughly 5 million MySQL servers that are exposed to the internet. The attackers exploit weak credentials and, once inside, leave a backdoor user on the database so that they can regain access later.
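Because the campaign's persistence mechanism is a planted database account, the practical check for an exposed MySQL server is an audit of the grant table for accounts nobody created on purpose. The script below is an added example written for this article, not Guardicore's code or tooling. It assumes the rows were exported with `mysql -N -B -e "SELECT User, Host, Super_priv, Grant_priv, File_priv, authentication_string FROM mysql.user"` (tab-separated, no header; these columns exist in MySQL 5.7 and 8.0), and the allowlist, the `backup_svc` and `legacy` account names and the password hashes are all constructed for illustration.

```python
"""Flag unexpected, wildcard-host or over-privileged accounts in a mysql.user dump.

Added example, not part of the original article or of Guardicore's tooling.
Input format assumed: tab-separated rows of
    User, Host, Super_priv, Grant_priv, File_priv, authentication_string
as produced by `mysql -N -B -e "SELECT ... FROM mysql.user"`.
"""
from dataclasses import dataclass


@dataclass
class Account:
    user: str
    host: str
    super_priv: bool
    grant_priv: bool
    file_priv: bool
    auth: str  # password hash; empty string means the account has no password


# Constructed allowlist: the (user, host) pairs an operator expects on this server.
# Anything outside it is treated as unexpected, which is exactly what a planted
# persistence account looks like.
ALLOWLIST = {
    ("root", "localhost"),
    ("mysql.sys", "localhost"),
    ("mysql.session", "localhost"),
    ("mysql.infoschema", "localhost"),
    ("app", "10.0.1.%"),
}

# Constructed sample dump (hashes are dummies). The last two rows are the kind of
# account a brute-force-and-backdoor campaign leaves behind.
SAMPLE_DUMP = "\n".join([
    "root\tlocalhost\tY\tY\tY\t*81F5E21E35407D884A6CD4A731AEBFB6AF209E1B",
    "mysql.sys\tlocalhost\tN\tN\tN\t*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE",
    "app\t10.0.1.%\tN\tN\tN\t*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19",
    "backup_svc\t%\tY\tY\tY\t*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29",
    "legacy\t%\tN\tN\tN\t",
])


def parse_rows(text):
    """Turn the tab-separated export into Account objects, skipping blank lines."""
    accounts = []
    for line in text.split("\n"):
        if not line:
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"expected 6 columns, got {len(fields)}: {line!r}")
        user, host, sup, grant, file_priv, auth = fields
        accounts.append(Account(user, host, sup == "Y", grant == "Y", file_priv == "Y", auth))
    return accounts


def is_wildcard_host(host):
    """True when the host pattern lets any client address log in.

    MySQL treats '%' and '' as matching every host; a pattern that starts with
    '%' (e.g. '%.example') is nearly as broad, so it is flagged too.
    """
    return host in ("%", "") or host.startswith("%")


def find_suspicious(accounts, allowlist=ALLOWLIST):
    """Return a list of (user@host, [reasons]) for accounts worth investigating."""
    findings = []
    for a in accounts:
        reasons = []
        if (a.user, a.host) not in allowlist:
            reasons.append("unexpected account")
            if is_wildcard_host(a.host):
                reasons.append("reachable from any host")
            if a.super_priv or a.grant_priv or a.file_priv:
                reasons.append("global SUPER/GRANT/FILE privilege")
        if a.auth == "":
            # An empty password is the weak credential this campaign logs in with.
            reasons.append("empty password")
        if reasons:
            findings.append((f"{a.user}@{a.host}", reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in find_suspicious(parse_rows(SAMPLE_DUMP)):
        print(f"{name}: {', '.join(reasons)}")
```

Run against a real export, the two planted-looking rows would surface as `backup_svc@%` (unexpected, any host, global privileges) and `legacy@%` (unexpected, any host, empty password), while the allowlisted `root@localhost` and `app@10.0.1.%` stay quiet. The allowlist is the important design choice: matching on a known bad username is brittle, because the attacker picks the name, whereas an operator knows which accounts should exist.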
Guardicore Labs researchers identified two distinct variants over the lifetime of the campaign. The first, which ran from January to the end of November, left victims a ransom note containing the attackers' wallet address, the amount of Bitcoin to pay and an email address for "technical support", with 10 days given to make the payment.
The second variant, which began on 3 October and also ran until late November, dropped the Bitcoin wallet payments and email communication. Instead, the attackers set up a website on the Tor network to collect payments and used unique alphanumeric tokens, listed in the ransom notes, to identify victims.
In a blog post detailing the discovery, security researchers Ophir Harpaz and Omri Marom said that the "PLEASE_READ_ME operators are trying to up their game by using double extortion in scale".
"Factoring their operation will render the campaign more scalable and profitable. Guardicore Labs provides an IOCs repository and will keep monitoring this campaign to help organizations protect against it," they added.