On the dark web, 250,000 MySQL databases were put up for sale at a price of 0.03 BTC each (about $530 at the time of writing). The total value of the data exceeds $132 million.
Guardicore says 7 TB of databases were stolen from 83,000 servers.
The attackers first download the file to their own computer, then delete it from the server and leave the victim a ransom note. If the victim does not pay within nine days, the data are put up for public auction.
The first ransomware attack was recorded on January 24. Over the year, Guardicore researchers identified 92 attacks, with a surge in October. The hackers use 11 different IP addresses, most of which are in Ireland and the United Kingdom.
The Bitcoin Abuse service links the hackers to at least eight wallets. One of them holds 4.01 BTC (just over $72,000 at the time of writing).
Since October, the ransomware group has changed its payment method: it accepts payments not to a Bitcoin wallet but through a specially created site on the Tor network. To access it, victims must use the unique identifier provided in the ransom note.
Guardicore researchers note that the attack is indiscriminate and that the attackers can infect any of the 5 million MySQL servers connected to the Internet.
In November, the information systems of Delaware County, in the US state of Pennsylvania, were hit by the DoppelPaymer ransomware. Authorities paid the attackers $500,000 in Bitcoin.
In total, from November 2019 to November 2020, hackers conducted more than 500 public ransomware attacks in over 45 countries. The total damage from their activity exceeded $1 billion.
