There are 250 thousand MySQL databases for sale on the darknet at a price of 0.03 BTC per unit (about $530 at this writing). The total value of the data exceeds $132 million.
According to Guardicore, the databases, 7TB in total, were stolen from 83,000 servers.
The attackers first download the data to their own computer, then delete it from the server and leave the victim a note demanding a ransom. If the victim does not pay within nine days, the data is put up for public auction.
The first ransomware attack was recorded back on 24 January. In all, Guardicore specialists identified 92 attacks during the year, with a sharp increase in October. The hackers are using 11 different IP addresses, most of which are in Ireland and the UK.
The Bitcoin Abuse service links at least eight wallets to the hackers. One of them contains 4.01 BTC (just over $72,000 at the time of writing).
Since October, the hacker group has changed its payment method and accepts payments not to a bitcoin wallet, but through a specially created site on the Tor network. To access it, victims must use a unique identifier provided in the ransomware’s email.
Guardicore researchers note that the hackers' attack is untargeted and can infect any of the 5 million MySQL servers connected to the internet.
Recall that in November the information systems of Delaware County in the US state of Pennsylvania were attacked by the DoppelPaymer ransomware. Authorities paid the extortionists $500,000 in bitcoin.
In total, hackers carried out more than 500 public ransomware attacks in more than 45 countries between November 2019 and November 2020. The total damage from their activities exceeded $1 billion.