EXECUTIVE SUMMARY:

Cyber criminals amplified their efforts in 2020 and amassed a large volume of information to sell on the dark web. Right now, the dark web shows many MySQL databases for sale, with each one fetching roughly $550. More than 85,000 MySQL databases have been compromised.

As ZDNet reports, “Hackers have been breaking into MySQL databases, downloading tables, deleting the originals, and leaving ransom notes behind, telling server owners to contact the attackers to get their data back.”

Initially, the server owners were able to contact the attackers. However, as the attackers expanded their operations, they eventually grew to automate responses for data requests. Automation is becoming as popular with hackers as it is with everyone else.

How can victims retrieve the stolen MySQL data?

Victims must access the hackers’ website, enter a unique ID embedded within the ransom note, and follow the instructions presented on the screen.

Unless victims pay in Bitcoin within a nine-day window of time, their data will be released for sale on the dark web.

Researchers contend that the entire process in these instances -from intrusion to auction- is likely automated. Each victim appears to have a near identical set of experiences.

How can organizations deal with the fallout from these attacks?

Victims or forensics teams can report the Bitcoin addresses utilized within the ransom demands on BitcoinAbuse.com.

In addition, ensure that your organization has a strong cyber security strategy and an incident response plan in place.

For more on this story, visit ZDNet.com.