{"id":33243,"date":"2020-12-11T17:29:26","date_gmt":"2020-12-11T15:29:26","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=33243"},"modified":"2025-08-28T12:52:32","modified_gmt":"2025-08-28T09:52:32","slug":"hackers-demand-132-million-in-bitcoin-for-7tb-of-mysql-databases","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hackers-demand-132-million-in-bitcoin-for-7tb-of-mysql-databases\/","title":{"rendered":"Hackers demand $132 million in Bitcoin for 7TB of MySQL databases"},"content":{"rendered":"<p>In the dark web, <a href=\"https:\/\/www.guardicore.com\/labs\/please-read-me-opportunistic-ransomware-devastating-mysql-servers\/\" target=\"_blank\" rel=\"noopener noreferrer\">250 \u0442\u044b\u0441\u044f\u0447 \u0431\u0430\u0437 \u0434\u0430\u043d\u043d\u044b\u0445 MySQL<\/a> were put up for sale at a price of 0.03 BTC per unit (about $530 at the time of writing). The total value of the data exceeds $132 million.<!--more--><\/p>\n<p>Guardicore says the 7 TB databases were stolen from 83,000 servers.<\/p>\n<p>Initially the attackers download the file to their own computer, then delete it from the server and leave the victim a ransom note. If the victim does not pay within nine days, the data are put up for public auction.<\/p>\n<p>The first ransomware attack was recorded on January 24. Over the year, Guardicore researchers identified 92 attacks, which surged in October. The hackers use 11 different IP addresses, most of which are in Ireland and the United Kingdom.<\/p>\n<p>The Bitcoin Abuse service links the hackers to <a href=\"https:\/\/www.zdnet.com\/article\/hackers-are-selling-more-than-85000-sql-databases-on-a-dark-web-portal\/\" target=\"_blank\" rel=\"noopener noreferrer\">\u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0432\u043e\u0441\u0435\u043c\u044c \u043a\u043e\u0448\u0435\u043b\u044c\u043a\u043e\u0432<\/a>. One of them <a href=\"https:\/\/www.bitcoinabuse.com\/reports\/1BLYhUDmnmVPVjcTWgc6gFT6DCYwbVieUD?page=4\" target=\"_blank\" rel=\"noopener noreferrer\">\u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 4,01 BTC<\/a> (\u0447\u0443\u0442\u044c \u0431\u043e\u043b\u0435\u0435 $72 000 \u043d\u0430 \u043c\u043e\u043c\u0435\u043d\u0442 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u0438\u044f).<\/p>\n<p>Since October, the ransomware group changed its payment method and accepts payments not to a Bitcoin wallet, but through a specially created site on the Tor network. To access it, victims must use the unique identifier provided in the ransom note from the extortionist.<\/p>\n<p>Guardicore researchers note that the attack is indiscriminate and they can infect any of the 5 million MySQL servers connected to the Internet.<\/p>\n<p>In November, the Delaware County information systems in the US state of Pennsylvania were hit by the DoppelPaymer ransomware. Authorities paid the attackers <a href=\"https:\/\/forklog.com\/en\/news\/delaware-county-authorities-paid-hackers-500000-in-bitcoin\">$500 000 in Bitcoin<\/a>.<\/p>\n<p>In total from November 2019 to November 2020, hackers conducted more than 500 public ransomware attacks in over 45 countries. The total damage from their activity <a href=\"https:\/\/forklog.com\/en\/news\/ransomware-damage-since-late-2019-has-topped-1-billion\">exceeded $1 billion<\/a>.<\/p>\n<p>Subscribe to ForkLog news on Telegram: <a href=\"https:\/\/t.me\/forklogfeed\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ForkLog Feed<\/a> \u2014 full news feed, <a href=\"https:\/\/telegram.me\/forklog\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ForkLog<\/a> \u2014 the most important news and polls.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the dark web, 250,000 MySQL databases are for sale at 0.03 BTC per unit (about $530 at the time of writing). The total value of the data exceeds $132 million.<\/p>\n","protected":false},"author":1,"featured_media":33244,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1829],"class_list":["post-33243","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-database"],"aioseo_notices":[],"amp_enabled":true,"views":"26","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/33243","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=33243"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/33243\/revisions"}],"predecessor-version":[{"id":33245,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/33243\/revisions\/33245"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/33244"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=33243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=33243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=33243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}