
Hackers are selling more than 85,000 SQL databases on a dark web portal - ZDNet


More than 85,000 MySQL databases are currently on sale on a dark web portal for a price of only $550/database.

The portal, brought to ZDNet's attention earlier today by a security researcher, is part of a database ransom scheme that has been going on since the start of 2020.

Hackers have been breaking into MySQL databases, downloading tables, deleting the originals, and leaving ransom notes behind, telling server owners to contact the attackers to get their data back.

While initial ransom notes asked victims to contact the attackers via email, as the operation grew throughout the year, the attackers also automated their DB ransom scheme with the help of a web portal, first hosted online at sqldb.to and dbrestore.to, and then moved to an Onion address on the dark web.


Victims who access the gang's sites are asked to enter a unique ID, found in the ransom note, before being presented with the page where their data is being sold.


If victims don't pay within a nine-day period, their data is put up for auction on another section of the portal.


The price for recovering or buying a stolen database must be paid in bitcoin. The actual price has varied across the year as the BTC/USD exchange rate fluctuated but has usually remained centered around a $500 figure for each site, regardless of the content they included.

This suggests that both the DB intrusions and the ransom/auction web pages are automated and that attackers don't analyze the hacked databases for data that could contain a higher concentration of personal or financial information.

Signs of these ransom attacks have been piling up over the course of 2020, with complaints from server owners who found the ransom note inside their databases popping up on Reddit, the MySQL forums, tech support forums, Medium posts, and private blogs.

Bitcoin addresses used for the ransom demands have also been piling up on BitcoinAbuse.com, a website that indexes Bitcoin addresses used in cybercrime operations.

These attacks mark the most concerted effort to ransom SQL databases since the winter of 2017, when hackers hit MySQL servers in a series of attacks that also targeted MongoDB, Elasticsearch, Hadoop, Cassandra, and CouchDB servers.

December 10, 2020 at 10:29AM