Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning.
The attackers ask for a small sum to return or not publish the data, but those who pay will not get their data back, as the bot copies only a small amount of it before wiping it all.
After deleting PostgreSQL databases, the attackers ask for 0.007 BTC. The ransom is 0.017 BTC if the bot wiped MySQL databases.
In both cases, paying the ransom won't result in victims getting their data back.
There is no lack of publicly accessible PostgreSQL and MySQL servers out there, easily discoverable via search engines like Shodan, Border0 researchers noted.
This type of automated attack against poorly secured database servers has been going on for years.
In 2020, Intruder researchers demonstrated how unsecured MongoDB databases were getting similarly compromised and wiped, and how their owners were faced with an almost identical ransom note.
Security researcher Kevin Beaumont says that MariaDB databases are also targeted this time around.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Thu, 18 Jan 2024 15:13:04 +0000