Ransomware attacks like PLEASE_READ_ME are possible for two reasons:
- Many database servers are internet-facing and are thus accessible by anyone.
- Those same database servers use default or ridiculously weak passwords, allowing attackers to easily brute-force and breach them.
Once the database server is compromised, the data is lost and its recovery depends on paying the ransom.
Database servers should (nearly) always be internal to the organizational network and not be exposed to the internet. These assets, which hold highly valuable and often sensitive information, should be kept inside the network and be accessible only to privileged users and/or processes.
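
One way to check a host against the first condition, as an added example that is not part of the original article: it reads `ss -ltn` output and reports database listeners bound to all interfaces or to a public address. The port list, the internal ranges and the sample output are this example's assumptions.

```python
import ipaddress

# Default listener ports of common database servers (this example's assumption; extend as needed).
DB_PORTS = {1433: "MSSQL", 3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB"}
# RFC 1918 and IPv6 unique-local ranges, treated here as "internal".
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample of `ss -ltn` output; 203.0.113.10 is a documentation address standing in for a public IP.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      151    0.0.0.0:3306        0.0.0.0:*
LISTEN 0      244    127.0.0.1:5432      0.0.0.0:*
LISTEN 0      128    10.0.4.17:27017     0.0.0.0:*
LISTEN 0      511    [::]:6379           [::]:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    203.0.113.10:1433   0.0.0.0:*
"""

def classify(addr):
    """Return 'all-interfaces', 'loopback', 'private' or 'public' for a bind address."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local or any(ip in net for net in INTERNAL):
        return "private"
    return "public"

def audit(ss_output):
    """Return (service, local address, exposure) for database listeners not limited to internal addresses."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in DB_PORTS:
            continue  # not a known database port
        exposure = classify(addr)
        if exposure in ("all-interfaces", "public"):
            findings.append((DB_PORTS[int(port)], fields[3], exposure))
    return findings

if __name__ == "__main__":
    for service, local, exposure in audit(SAMPLE_SS):
        print(f"REVIEW {service:<10} {local:<20} bound to {exposure}")
```

A listener on all interfaces is only a candidate for exposure; whether it is reachable from the internet still depends on the firewall and routing in front of the host.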