HackRead
Evolved Version of MongoDB Ransomware Caught Targeting MySQL Databases

February 27th, 2017 Uzair Amir Security, Malware 0 comments
Earlier in January, we heard about the MongoDB ransomware that erased data from not hundreds but thousands of computers and forced the victims to pay a ransom. The same MongoDB ransomware is now back in the news, and this time it is even more powerful and the campaign is more sophisticated in design. In the latest attack spree, hundreds of MySQL databases have been targeted, and the attackers are demanding 0.2 bitcoin (approx. $234) from each victim.

GuardiCore also noted that the attack starts with the criminals brute-forcing the root password of the MySQL server; after logging in, they extract the tables from the database. Two different versions of the attack have been identified. In the first version, the attackers add a new table named WARNING to the already existing database.

This new table contains the ransom demand, the attackers' email address and a Bitcoin payment address. The second version is different: a new table named PLEASE_READ is added to a newly created database, after which the attacker deletes the pre-existing databases on the server and simply disconnects. PLEASE_READ also contains a ransom note, while the database is sent to the attacker's servers. In both versions, victims are asked to pay 0.2 BTC as ransom and to contact the attackers at the same address, backupservice@mail2tor.com.

Yesterday we started detecting new #Ransomware hitting #MySQL on @guardicore's Global Sensor Network. Will follow up with more data soon. pic.twitter.com/5Vyvs6Q5gU

— Pavel Gurvich (@PashaGur) February 13, 2017


According to GuardiCore's findings, the attacks began on 12th February and continued against MySQL servers for 30 hours, with a single IP address, 109.236.88.20, identified as the source.

Bitcoin wallet mentioned in ransom note / Source: GuardiCore

The analysis further suggests that this IP address belongs to WorldStream, a web hosting provider in the Netherlands. GuardiCore notified WorldStream about the attacks, as it believed the attackers had compromised one of WorldStream's mail servers, which also serves as an HTTP(S) and FTP server.

It is worth noting that a distinct bitcoin wallet is used for each version of the attack, and some victims have already paid the ransom. GuardiCore has advice for victims in this regard: before paying, confirm whether the attacker actually holds your data in a restorable form, because the company's analysis found no evidence of data exfiltration at all.


Moreover, MySQL servers should be hardened so that such attacks do not recur. This means enforcing strong passwords and requiring proper authentication on the servers. GuardiCore itself also offers monitoring services for securing MySQL servers, which you can use to protect them.
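The attack chain described above (root brute force, a ransom-note table named WARNING or PLEASE_READ, then dropped databases) leaves a recognisable trace in the MySQL general query log. The following detector is an added example written for this article, not GuardiCore's or MySQL's code; the log lines, the 203.0.113.5 source address and the `shop` database are constructed samples, and the log line format assumed is the MySQL 5.7 general log layout (timestamp, connection id, command, argument).

```python
import re
from collections import Counter

# Ransom-note table names reported in the article.
RANSOM_TABLES = {"WARNING", "PLEASE_READ"}

# Constructed sample general-log lines (not taken from the article).
SAMPLE_LOG = """\
2017-02-12T10:00:01Z\t 11 Connect\tAccess denied for user 'root'@'203.0.113.5' (using password: YES)
2017-02-12T10:00:02Z\t 12 Connect\tAccess denied for user 'root'@'203.0.113.5' (using password: YES)
2017-02-12T10:00:03Z\t 13 Connect\tAccess denied for user 'root'@'203.0.113.5' (using password: YES)
2017-02-12T10:00:04Z\t 14 Connect\troot@203.0.113.5 on  using TCP/IP
2017-02-12T10:00:05Z\t 14 Query\tCREATE DATABASE PLEASE_READ
2017-02-12T10:00:06Z\t 14 Query\tCREATE TABLE PLEASE_READ.PLEASE_READ (id int, warning text)
2017-02-12T10:00:07Z\t 14 Query\tDROP DATABASE shop
2017-02-12T10:00:08Z\t 14 Quit\t
2017-02-12T11:00:00Z\t 15 Connect\tapp@10.0.0.7 on shop using TCP/IP
2017-02-12T11:00:01Z\t 15 Query\tSELECT * FROM orders WHERE id = 42
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\w+)\s*(.*)$")
DENIED_RE = re.compile(r"Access denied for user '([^']*)'@'([^']*)'")
CONNECT_RE = re.compile(r"^(\w+)@(\S+) on")
CREATE_RE = re.compile(r"CREATE\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?`?(?:\w+`?\.`?)?(\w+)", re.I)
DROP_RE = re.compile(r"DROP\s+DATABASE\s+(?:IF\s+EXISTS\s+)?`?(\w+)", re.I)


def analyze(log_text, fail_threshold=3):
    """Return (kind, host, detail) findings in log order."""
    failures = Counter()  # host -> failed logins seen so far
    conn_host = {}        # connection id -> source host of a successful login
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _ts, conn_id, cmd, arg = m.groups()
        if cmd == "Connect":
            denied = DENIED_RE.search(arg)
            if denied:  # failed login: count it per source host
                user, host = denied.groups()
                failures[host] += 1
                if failures[host] == fail_threshold:
                    findings.append(("brute_force", host, f"{fail_threshold} failed logins as {user}"))
                continue
            ok = CONNECT_RE.match(arg)
            if ok:      # successful login: remember host, flag if it follows a brute force
                user, host = ok.groups()
                conn_host[conn_id] = host
                if failures[host] >= fail_threshold:
                    findings.append(("login_after_bruteforce", host, f"{user} logged in on conn {conn_id}"))
        elif cmd == "Query":
            host = conn_host.get(conn_id, "?")
            created = CREATE_RE.search(arg)
            if created and created.group(1).upper() in RANSOM_TABLES:
                findings.append(("ransom_note_table", host, f"conn {conn_id}: {arg}"))
            dropped = DROP_RE.search(arg)
            if dropped:
                findings.append(("drop_database", host, f"conn {conn_id}: dropped {dropped.group(1)}"))
    return findings


if __name__ == "__main__":
    for kind, host, detail in analyze(SAMPLE_LOG):
        print(f"{kind:24} {host:15} {detail}")
```

Only the general log carries the query text; the error log alone shows the failed logins but not the ransom-note table or the DROP DATABASE that follows.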

