'Malwareless' ransomware campaign operators pwned 83k victims' MySQL servers, 250k databases up for sale

A “malwareless” ransomware campaign delivered from UK IP addresses targeting weak security controls around internet-facing SQL servers successfully pwned 83,000 victims, according to Israeli infosec biz Guardicore. “The attack chain is extremely simple and exploits weak credentials on internet-facing MySQL servers” said …

  1. Naich
    Go

    Double extortion?

    Does this not negate itself? You encrypt the databases, the victim doesn't pay, so the databases are published. If it was me, I'd just not pay and then restore the databases from the published data. It's probably a good thing that it isn't me, TBH.

    1. Claptrap314 Silver badge

      Re: Double extortion?

      Cute idea, but I wouldn't want to be the company on it.

    2. Robert Carnegie Silver badge
      Coat

      Re: Double extortion?

      When you get the data back, every customer forename of "Denis" has been changed to "Penis".

      And you have no way to know which of them were already named "Penis" before your data was stolen.

  2. JCitizen
    Pirate

    Isn't this article missing a step?

    I don't remember reading that encrypting the victim's files was part of the process - just curious! I'm sure we are not talking about fake ransomware here, but just the threat of data exposure is enough - if the victim already had the data encrypted, that would solve that, wouldn't it? A simple restore from backup would work, because there is no malware resident in the files.

    Yeah - I know - if the victim is that clueless, they aren't going to practice simple countermeasures or protections anyway - maybe they don't deserve to be in business then! Kind of like Darwin's rules here!


Biting the hand that feeds IT © 1998–2021