Hackers have stolen as much as 85,000 MySQL databases and are currently offering them on a dark web portal at a price of $550 per database.
A security researcher found out about it and brought it to the attention of the media, the issue is a database ransom scheme that has been operating since the beginning of 2020.
Prolific Hackers have been breaching MySQL databases, and downloading the database tables, after which they delete the original database. The hackers then leave a ransom note behind, This note tells the server owner to contact the attackers to get their data back.
The hackers initially asked victims to contact them via email, but as the operation grew larger, the attackers decided to automate their DB ransom process through a website hosted at sqldb.to and dbrestore.to, after which they moved to an onion link on TOR.
This is an example of the ransom note. A unique ID is provided to the victims of the hack, victims need to enter this on the attackers website before they can buy their database.
If a victim refuses to pay within nine days their data is moved to the auction where the database is auctioned.
Hackers using bitcoin
The hackers are receiving the ransoms in bitcoin, everything has to be paid in bitcoin. Since the year started the ransom price has change but it has mostly hovered around $500 for every database, irrespective of the website and the content.
What this is pointing to is that the process is automated and the hackers do not scan the database for those that contain a large amount of information that might be useful in many ways.
Server owners have complained throughout 2020, a number of server owners have put up their ransom notes on reddit, medium blogs, tech support forums and MySQL forums.
Victims of the attacks have also added bitcoin addresses used in the attacks on BitcoinAbuse.com, a website that indexes bitcoin addresses used in crime.
These are the most concerted effort to ransom SQL databases since 2017 when hackers hit MySQL servers in a series of attacks that also targeted other databases.