A dark web portal now houses more than 85,000 SQL databases for sale
More than 85,000 SQL databases are currently for sale on a dark web portal, priced at only $550 per database.
According to ZDNet, the portal is part of a database ransom scheme that appears to have started at the beginning of 2020 and is still ongoing.
Hackers have been using SQL databases as leverage, leaving behind ransom notes and telling server owners to contact the attackers to get their data back. The hackers download the databases and delete the originals to pressure the victim. The initial ransom notes asked victims to contact the attackers via email, but as the operation grew throughout the year, the attackers also automated their database ransom scheme with a website on the dark web. It was first hosted at sqldb.to, then moved to dbrestore.to, and the hackers have since shifted to an Onion address.
Victims enter a unique ID, found in the ransom note, into the portal. Only then are they shown the page where their data is being sold.
Victims who fail to pay within a nine-day period can see their data put up for auction in another section of the portal.
The price for recovering a stolen SQL database must be paid in bitcoin. The actual price has varied throughout the year but has usually been around $500 per site.
This could suggest that both the DB intrusions and the ransom/auction web pages are automated and that attackers don’t analyze the hacked databases for data that could contain a higher concentration of personal or financial information.
This year, 2020, has seen heightened cyber attack and ransomware activity. Complaints from server owners who found the ransom note inside their databases have appeared on popular sites such as Reddit, the MySQL forums, tech support forums, Medium posts, and private blogs.
These attacks mark the most concerted effort to ransom SQL databases since the winter of 2017, when a series of attacks also targeted MongoDB, Elasticsearch, Hadoop, Cassandra, and CouchDB servers.