'Malwareless' ransomware campaign operators pwned 83k victims' MySQL servers, 250k databases up for sale A “malwareless” ransomware campaign delivered from UK IP addresses targeting weak security controls around internet-facing SQL servers successfully pwned 83,000 victims, according to Israeli infosec biz Guardicore. “The attack chain is extremely simple and exploits weak credentials on internet-facing MySQL servers” said …
I don't remember reading that encrypting the victim's files was part of the process - just curious! I'm sure we are not talking about fake ransomware here, but just the threat of data exposure is enough - if the victim already had the data encrypted, that would solve that wouldn't it? I simple restore from backup would work, because there is no malware resident in the files.
Yeah - I know - if the victim is that clueless, they aren't going to practice simple countermeasures or protections anyway - maybe they don't deserve to be in business then! Kind of like Darwin's rules here!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
