More than 85,000 MySQL databases are currently on sale on a dark web portal at a price of just $550 per database.
The portal, brought to light recently by a security researcher, is part of a database ransom scheme that has been going on since the beginning of 2020.
Hackers have been breaking into MySQL databases, downloading tables, deleting the originals, and leaving ransom notes behind, telling server owners to contact the attackers to get their data back.
While the initial ransom notes asked victims to contact the attackers via email, as the operation grew steadily, the attackers also automated their DB ransom scheme with the help of a web portal, first hosted online at sqldb.to and dbrestore.to, and then moved to an Onion address on the dark web.
Victims who access the gang's sites are asked to enter a unique ID, found in the ransom note, before being shown the page where their data is being sold.
If victims don't pay within a nine-day period, their data is put up for sale on another section of the portal.
The price for recovering or buying a stolen database must be paid in bitcoin. The actual price has varied across the year as the BTC/USD exchange rate changed, but it has mostly stayed centered around a $500 figure for each site, regardless of the content they contain.
This suggests that both the DB intrusions and the ransom/auction pages are automated and that attackers don't analyze the hacked databases for data that could contain a higher concentration of personal or financial information.
Signs of these ransom attacks have been piling up over the course of 2020, with complaints from server owners who found the ransom note inside their databases popping up on Reddit, the MySQL forums, tech support forums, Medium posts, and private blogs.
Bitcoin addresses used for the ransom demands have also been piling up on BitcoinAbuse.com [1, 2, 3, 4, 5, 6, 7, 8], a site that indexes Bitcoin addresses used in cybercrime operations.
These attacks mark the most concerted effort to ransom SQL databases since the winter of 2017, when hackers hit MySQL servers in a series of attacks that also targeted MongoDB, Elasticsearch, Hadoop, Cassandra, and CouchDB servers.
See photos below.