
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Hundreds of MySQL Databases Fall Victim to Ransomware

February 28, 2017 By The Editor


You should always protect your servers with strong passwords and multi-factor authentication. In another stark reminder of this fact, security vendor GuardiCore recently uncovered a new ransomware strain that has been targeting MySQL, a popular open source database solution used by organizations like Facebook, Google, and Adobe. On February 12, hundreds of MySQL databases were attacked with a ransomware strain that researchers are calling a variant of the malware used in the January “MongoDB” attacks.

According to a recent Network World article, this particularly ruthless ransomware variant actually erases targeted databases and replaces them with a ransom notice demanding 0.2 Bitcoin (BTC), or roughly $234. The ransom demands are delivered in one of two ways:

  1. A new table labeled “WARNING” is added to an infected database, demanding that victims pay 0.2 BTC, then visit a darknet site via the Tor browser and enter the IP address of the ransomed server. The site then displays an option to “check payment and get a link to the database dump.”
  2. A completely new database is created that includes a table called “PLEASE_READ.” It claims that the database has been backed up to the attacker’s servers and instructs victims to pay 0.2 BTC and email a tor.com email address to get their files back.

The cruel part is that in some cases, once they’ve been paid, attackers completely delete captive databases and disconnect without returning the files.
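
A defender-side check for the two note tables named above, as an added example that is not from the article or from GuardiCore: it reads the tab-separated output of an inventory query against information_schema.tables and flags tables named WARNING or PLEASE_READ. The schema names in the sample are constructed, and the check assumes the note tables keep exactly the names reported here.

```python
from collections import defaultdict

# Table names the article reports for the two ransom-note delivery methods.
NOTE_TABLES = {"WARNING", "PLEASE_READ"}
# Built-in MySQL schemas, excluded because they never hold user data.
SYSTEM_SCHEMAS = {"information_schema", "mysql", "performance_schema", "sys"}
ADDED = "note table sits beside other tables"
ONLY = "note table is the only table left in this database"
# Query whose output is parsed below, e.g. run with `mysql -N -B -e "<query>"`.
INVENTORY_QUERY = "SELECT table_schema, table_name FROM information_schema.tables"

# Constructed sample output (schema<TAB>table); not data from a real incident.
SAMPLE = (
    "mysql\tuser\n"
    "shop\tcustomers\n"
    "shop\torders\n"
    "shop\tWARNING\n"
    "crm\tWARNING\n"
    "example_new_db\tPLEASE_READ\n"
    "blog\tposts\n"
)


def parse_inventory(text):
    """Turn 'schema<TAB>table' lines into {schema: set of table names}."""
    schemas = defaultdict(set)
    for line in text.splitlines():
        parts = line.rstrip("\r\n").split("\t")
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        if parts[0].lower() not in SYSTEM_SCHEMAS:
            schemas[parts[0]].add(parts[1])
    return schemas


def find_ransom_notes(text):
    """Return sorted (schema, table, state) tuples for every note table found."""
    findings = []
    for schema, tables in parse_inventory(text).items():
        notes = {t for t in tables if t.upper() in NOTE_TABLES}
        state = ADDED if tables - notes else ONLY
        findings.extend((schema, note, state) for note in notes)
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_ransom_notes(SAMPLE):
        print(*finding, sep=" | ")
```

A hit marked as the only remaining table matches both a wiped database and the freshly created database that holds PLEASE_READ, so compare the schema name against your own inventory to tell the two apart.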

WatchGuard CTO Corey Nachreiner often recommends that you regularly back up your important data to avoid falling victim to just such an attack. But if you’ve neglected to back up your files, it might feel as though you have no choice but to pay the ransom to recover them. In these cases, it’s critical that you verify the attacker does indeed have copies of the data and that it truly can be restored.

A better defense is to prevent ransomware from ever hitting your servers or network in the first place. The latest UTM solutions offer modules that help SMBs and distributed enterprises leverage behavioral analytics to not only detect ransomware attacks, but actually prevent them. Learn more about Host Ransomware Prevention here.

Read the full article at Network World and read Corey’s Three P’s of Cyber Protection for more high-level security tips and best practices.


Filed Under: Editorial Articles, Featured Tagged With: Hacking, Malware, passwords, ransomware, Security breach
