Automation of Stealing and Selling Databases
A database-selling campaign has reportedly been active since the start of this year, in which hackers steal MySQL databases and leave ransom notes asking to be contacted for settlement. Reportedly, in the initial incidents the ransom notes left inside the servers asked victims to get in touch for customized pricing, while later the process was automated. Initially, the hackers named two surface-web websites where victims could go to recover their databases, but they later moved to an onion address, which is now given in the ransom notes along with a unique ID assigned to each victim.
Visiting the specified onion address takes victims to a page where they are asked to enter their unique ID to check whether any of their databases were stolen and listed. If one is listed, they are asked to pay the specified amount within a given time limit to recover it and to have it pulled from auction.
This is basically a 9-day period, and if the owner fails to pay the ransom (around $500 worth of Bitcoin for each database), the hackers then put the database up for sale via auction. Owners then have to buy their database back like any other bidder in the auction. This indicates the hackers haven't been checking the databases manually to set a custom price and have instead automated the process of stealing and selling them through their site. As ZDNet checked, most of the databases were MySQL-based, and some were PostgreSQL and MSSQL. The reports have been increasing gradually over time, with impacted owners complaining on Reddit, MySQL forums, Medium posts, and tech support forums.