You should always protect your servers with strong passwords and multi-factor authentication. In another stark reminder of this fact, security vendor GuardiCore recently uncovered a new ransomware strain that has been targeting MySQL – a popular open source database solution used by organizations like Facebook, Google, and Adobe. On February 12, hundreds of MySQL databases were attacked with a ransomware strain that researchers are calling a variant of the January “MongoDB” malware attacks.
According to a recent Network World article, this particularly ruthless ransomware variant actually erases targeted databases and replaces them with a ransom notice demanding 0.2 Bitcoin (BTC), or roughly $234. The ransom demands are delivered in one of two ways:
- A new table labeled “WARNING” is added to an infected database, demanding that victims pay 0.2 BTC, then visit a darknet site via the Tor browser and enter the IP address of the ransomed server. The site then displays an option to “check payment and get a link to the database dump.”
- A completely new database is created that includes a table called “PLEASE_READ.” It claims that the database has been backed up to the attacker’s servers and instructs victims to pay 0.2 BTC and email a tor.com email address to get their files back.
The cruel part is that in some cases, once they’ve been paid, attackers completely delete captive databases and disconnect without returning the files.
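The two ransom-note table names above make a simple indicator that can be checked on any MySQL server. The queries below are an added example, not part of the original article or of GuardiCore's research; they use only the standard `information_schema.tables` view, and the system-schema exclusion list is an assumption about a default installation.

```sql
-- Added example: hunt for the ransom-note artifacts described in the article.
-- The table names WARNING and PLEASE_READ come from the article; everything
-- else is standard MySQL metadata. Run as an account that can see all schemas.

-- 1. Any table carrying one of the two note names, in any user schema.
--    create_time gives a first estimate of when the note was written
--    (it can be NULL for some storage engines).
SELECT table_schema,
       table_name,
       create_time,
       table_rows            -- an estimate for InnoDB tables
FROM   information_schema.tables
WHERE  UPPER(table_name) IN ('WARNING', 'PLEASE_READ')
  AND  table_schema NOT IN
       ('mysql', 'information_schema', 'performance_schema', 'sys')
ORDER  BY create_time DESC;

-- 2. Schemas that contain nothing except a note table. This matches both
--    delivery methods: a new database holding only PLEASE_READ, and an
--    erased database where only WARNING is left.
SELECT table_schema,
       COUNT(*)         AS table_count,
       MAX(create_time) AS newest_table
FROM   information_schema.tables
WHERE  table_schema NOT IN
       ('mysql', 'information_schema', 'performance_schema', 'sys')
GROUP  BY table_schema
HAVING COUNT(*) = SUM(UPPER(table_name) IN ('WARNING', 'PLEASE_READ'));
```

A hit from the first query on a schema that still holds its normal tables deserves the same attention as a hit from the second, since a legitimate application table is unlikely to share either name.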
WatchGuard CTO Corey Nachreiner often recommends that you regularly back up your important data in order to avoid falling victim to just such an attack. But if you’ve neglected to back up your files, it might feel as though you have no choice but to pay the ransom to recover them. In these cases, it’s critical that you verify the attacker does indeed have copies of the data and that it truly can be restored.
A better defense is to prevent ransomware from ever hitting your servers or network in the first place. The latest UTM solutions offer modules that help SMBs and distributed enterprises leverage behavioral analytics to not only detect ransomware attacks, but actually prevent them. Learn more about Host Ransomware Prevention here.