CyberSecurityBoard
Sponsor Register Login

Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot

Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning.
The attackers asks for a small sum to return / not publish the data, but those who pay will not get their data back, as the bot takes only a small amount of it before wiping it all.
After deleting PostgreSQL databases, the attackers ask for 0.007 BTC. The ransom is 0.017 BTC if the bot wiped MySQL databases.
In both cases, paying the ransom won't result in victims getting their data back.
There is no lack of publicly accessible PostgreSQL and MySQL servers out there, easily discoverable via search engines like Shodan, Border0 researchers noted.
This type of automated attack against poorly secured database servers has been going on for years.
In 2020, Intruder researchers demonstrated how unsecured MongoDB databases were getting similarly compromised and wiped, and their owners faced with an almost identical ransom note.
Security researcher Kevin Beaumont says that MariaDB databases are also targeted this time around.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Thu, 18 Jan 2024 15:13:04 +0000


Cyber News related to Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
2 weeks ago Cybersecuritynews.com
Why Bot Management Should Be a Crucial Element of Your Marketing Strategy - Marketing teams need a comprehensive bot management solution to address the challenges posed by bot traffic and protect marketing analytics. Bot management is designed to protect marketing efforts from bot-generated invalid traffic by accurately and ...
9 months ago Imperva.com
What's worse than paying extortion bot that pwned your DB? The Register - Publicly exposed PostgreSQL and MySQL databases with weak passwords are being autonomously wiped out by a malicious extortion bot - one that marks who pays up and who is not getting their data back. Origin unknown, the bot is routinely breaching ...
1 year ago Go.theregister.com
Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning. The attackers asks for a small sum to return / not publish the data, but those who ...
1 year ago Helpnetsecurity.com
DataDome Expands Bot Bounty Program to the Public, Invites Researchers to Rigorously Test its Solution - PRESS RELEASE. NEW YORK, Feb. 13, 2024 /PRNewswire/ - DataDome, a leading provider of AI-powered online fraud and bot management, today announced it has opened its bot bounty program to the public, in partnership with ethical hacking platform ...
1 year ago Darkreading.com
3 Ways to Use Real-Time Intelligence to Defeat Bots - These days, online businesses must grapple with their own version of the replicant dilemma, as they try to make it easy for their human customers to use their sites, while keeping out a new generation of human-like bots. Bots, of course, are hardly a ...
1 year ago Darkreading.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
1 year ago Bleepingcomputer.com LockBit Akira
Week in review: 10 cybersecurity frameworks you need to know, exploited Chrome zero-day fixed - Key elements for a successful cyber risk management strategyIn this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and ...
1 year ago Helpnetsecurity.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com LockBit Akira Noescape
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
1 year ago Bleepingcomputer.com Medusa Cuba STORMOUS
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware - The Cisco Talos Year in Review report released Tuesday highlights new trends in the cybersecurity threat landscape. We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader ...
1 year ago Techrepublic.com LockBit
Top 10 Notorious Ransomware Gangs of 2023 - By employing a multitude of advanced techniques like double extortion along with other illicit tactics, ransomware groups are continually evolving at a rapid pace. Here below, we have mentioned all the types of ransomware used by the threat actors ...
1 year ago Cybersecuritynews.com LockBit BianLian Everest Ragnar Locker Black Basta
Ransomware review: January 2024 - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. In February, there were 376 ransomware victims, marking an unusually active month for the historically subdued time period. February didn't ...
11 months ago Malwarebytes.com LockBit Black Basta
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
1 year ago Malwarebytes.com Scattered Spider LockBit
Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
1 year ago Securityboulevard.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
11 months ago Feeds.fortinet.com
How Kasada Counters Toll Fraud and Fake Account Creation for Enterprises - Toll fraud and fake account creation are two advanced threats that bad actors employ for massive profit. Fake Account Creation is committed by a wide range of attackers, through automating the generation of new user accounts en masse, which then get ...
1 year ago Securityboulevard.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
5 months ago Securelist.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
1 year ago Bleepingcomputer.com Qilin Cactus Black Basta

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)