Hackers have reportedly broken into databases, stolen their contents, and held them for ransom for a period of 9 days. If the database owner does not pay the ransom, the hackers then sell the database to the highest bidder.
Do hackers use SQL?
According to an article by ZDNet, over 85,000 SQL databases were up for sale on the dark web for a reported price of just $550 per database. A security researcher brought the portal to ZDNet's attention. It is said to be part of a database ransom scheme that has been going on since the start of 2020.
Hackers have reportedly been breaking into SQL databases, downloading the tables, deleting the originals, and leaving behind ransom notes that tell the server owners to contact the attackers in order to get their data back.
Can you recover ransomware files?
The initial ransom notes asked victims to contact the attackers through email. As the operation reportedly grew over the years, the attackers also automated their DB ransom scheme through a web portal. The web portal was reportedly first hosted at the sqibd.to website, then at the dbrestore.to website. It has now moved to an Onion address on the dark web.
Victims who access the gang's website are reportedly asked to enter a unique ID found in the ransom note, after which they are presented with the page on which their data is publicly being sold. The price for restoring or purchasing these stolen SQL databases must be paid in bitcoin.
Because payment is in bitcoin, the prices on the website have varied throughout the year as the BTC/USD exchange rate fluctuates. However, the amount reportedly remains centered around the $500 figure for every site, regardless of the content included.
Does ransomware steal data?
This information suggested that both the DB intrusions and the ransom/auction web pages were automated, and that the attackers did not even analyze the hacked databases for data that could contain higher concentrations of personal or financial information. Past attackers were reportedly easier to identify, since the group placed its ransom demands in SQL tables titled "WARNING."
Signs of these ransom attacks have reportedly been increasing throughout 2020, with numerous complaints from server owners who found the ransom note inside their databases appearing on MySQL forums, Reddit, Medium posts, tech support forums, and private blogs. According to an article by BleepingComputer, the attacks mark the most concerted effort to ransom SQL databases since the winter of 2017.
This article is owned by Tech Times
Written by Urian Buenconsejo