Hundreds of MySQL databases were hit in ransomware attacks, which were described as “an evolution of the MongoDB ransomware attacks” in January, there were tens of thousands of MongoDB installs erased and replaced with ransom demands. In the new attacks, targeted MySQL databases are erased and replaced with a ransom demand for 0.2 bitcoin, which is currently equal to about $234.
Last week we first tweeted that the GuardiCore Global Sensor Network (GGSN) has detected a wide ransomware attack targeting MySQL databases. The attacks look like an evolution of the MongoDB ransomware attacks first reported earlier this year by Victor Gevers. Similarly to the MongoDB attacks, owners are instructed to pay a 0.2 Bitcoin ransom (approx. $200) to regain access to their content. We saw two very similar variations of the attack using two bitcoin wallets. In this post we will describe in detail the attack flow and provide some recommendations on how to protect your databases from similar attacks along with attack IoCs. Read more