Internet-connected MySQL databases around the globe are being targeted by a double extortion ransomware campaign that researchers have dubbed PLEASE_READ_ME.
The campaign, which dates back to at least January 2020, was detected by researchers at Guardicore Labs. So far, it has breached more than 83,000 of the more than 5 million internet-facing MySQL databases in existence around the world.
Simple but effective in its approach, the campaign uses fileless ransomware to exploit weak credentials on MySQL servers. After gaining access, the attackers lock the databases and steal the data.
The attack is a double extortion because its authors use two different tactics to turn a profit. First, they try to blackmail the database owners into handing over money to regain access to their data. Second, they sell the stolen data online to the highest bidder.
Researchers noted that the attackers have so far been able to put more than 250,000 databases up for sale on a dark web auction site.
The attackers leave a backdoor user on the database for persistence, allowing them to re-access the network whenever the mood strikes them.
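The two footholds described above, weak credentials and a leftover backdoor account, are both visible in the server's own account table. The following is an added example, not Guardicore's tooling or anything from the original report: it audits rows shaped like the output of `SELECT user, host, plugin, authentication_string FROM mysql.user;` and flags passwordless accounts, accounts reachable from any host, and accounts that are not on a defender's allowlist. The sample rows and the allowlist are constructed for illustration.

```python
"""Audit MySQL account rows for weak credentials and unexpected accounts.

Added example (not from the original article). Runs offline over
constructed rows shaped like:
    SELECT user, host, plugin, authentication_string FROM mysql.user;
The allowlist of expected accounts is an assumption for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    user: str
    host: str
    plugin: str
    auth_string: str


# Constructed sample rows (not real data). The third row models a
# passwordless account; the fourth models an attacker-added account
# that is reachable from any host.
SAMPLE_ROWS = [
    Account("root", "localhost", "caching_sha2_password", "$A$005$CONSTRUCTED"),
    Account("app", "10.0.0.%", "caching_sha2_password", "$A$005$CONSTRUCTED"),
    Account("report", "%", "mysql_native_password", ""),
    Account("sysbackup", "%", "mysql_native_password", "*CONSTRUCTED_HASH"),
]

# (user, host) pairs a defender expects to exist. Assumed for this example;
# in practice this comes from configuration management or a baseline.
EXPECTED_ACCOUNTS = {("root", "localhost"), ("app", "10.0.0.%")}


def audit_accounts(rows, expected=EXPECTED_ACCOUNTS):
    """Return (user, host, reason) findings for each risky or unexpected row."""
    findings = []
    for acct in rows:
        key = (acct.user, acct.host)
        # An empty authentication_string means the account has no password,
        # which is exactly the weak-credential condition the campaign abuses.
        if acct.auth_string == "":
            findings.append((acct.user, acct.host, "empty authentication_string (no password)"))
        # A '%' host lets the account log in from anywhere on the internet.
        if acct.host == "%":
            findings.append((acct.user, acct.host, "reachable from any host"))
        # Anything outside the baseline is a candidate backdoor account.
        if key not in expected:
            findings.append((acct.user, acct.host, "account not in expected list (possible backdoor)"))
    return findings


def summarize(findings):
    """Group findings by account for a quick console report."""
    by_account = {}
    for user, host, reason in findings:
        by_account.setdefault(f"'{user}'@'{host}'", []).append(reason)
    return by_account


if __name__ == "__main__":
    for account, reasons in summarize(audit_accounts(SAMPLE_ROWS)).items():
        print(account)
        for reason in reasons:
            print("  -", reason)
```

On a live server the same query can be run with any MySQL client and fed into `audit_accounts` after mapping each row onto `Account`; the point of the allowlist check is that a persistence account added by an attacker will not match any entry a defender has recorded.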
Researchers were able to trace the origins of the attacks to 11 different IP addresses, the majority of which are based in Ireland and the UK.
Since spotting the first attack on January 24, the Guardicore Global Sensors Network (GGSN) has recorded a total of 92 attacks. Since October, the rate at which attacks are being launched has risen steeply.
Two variants have been used over the campaign's lifetime, showing an evolution in the attackers' tactics. The first was used from January to the end of November for 63 attacks, and the second phase kicked off on October 3, halting at November's end.
In phase one, the attackers left a ransom note with their wallet address, the amount of Bitcoin to pay, and an email address for technical support. Victims were given 10 days to pay up.
“We found that a total of 1.2867640900000001 BTC had been transferred to these wallets, equal to 24,906 USD,” noted researchers.
In the second phase, the attackers ditched the Bitcoin wallet in favor of a website on the Tor network where payment could be made.