Cybersecurity researcher discovered over 85,000 SQL DBs for sale on the darknet

SQL DBs for sale on the darknet
Written by Emma Davis

ZDNet, citing an unnamed cybersecurity researcher, reports that more than 85,000 SQL DBs for sale on the darknet, priced at around $550 apiece.

The site on which the sale is being made, is a part of a large ransomware scheme, and in operation since the beginning of 2020. Complaints about such database attacks can be found on Reddit, MySQL forums, support forums, Medium blogs, and private blogs.

For example, hackers break into SQL databases, download them, delete the originals, and leave ransom notes to the owners if they want their data back.

SQL DBs for sale on the darknet
While the victims were initially offered to contact the attackers by email, over time, the hackers changed their tactics and automated their scheme using a site that was first hosted on sqldb.to and dbrestore.to, and then moved to the darknet.

On the website, victims are asked to enter a unique identifier specified in the ransom note, after which the victim is taken to a page where his data is sold.

SQL DBs for sale on the darknet
If victims do not pay within nine days, their data is put up for public sale, for auction in another section of the site.

SQL DBs for sale on the darknet
The cost of restoring or buying a stolen database can vary slightly, as the bitcoin / dollar exchange rate often fluctuates. Typically, the ransom is about $ 500 in crypto, regardless of the content from the database and the affected site.

Apparently, attackers do not analyse compromised and stolen databases, and the mailing processes, ransom requests and database placement on the site are fully automated.believe ZDNet journalists.

The Bitcoin addresses used by the groups are gradually accumulating on the BitcoinAbuse.com site. It is noted that the attacks of this group are easily recognizable, because usually hackers accompany their ransom demands with the heading “WARNING”.

Apparently, most of the databases compromised by cybercriminals originate from MySQL servers, but it cannot be ruled out that other systems, including PostgreSQL and MSSQL, could be affected.

Let me remind you that we talked about hackers selling data of 34 million users stolen from 17 companies.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.