Hackers are selling more than 85,000 SQL databases on a dark web portal for a price of $550 per database, ZDNet reports.
The portal is part of a database ransom operation, which has been active since the beginning of this year, involving hackers compromising SQL databases. Once the SQL database is breached, attackers download tables, wipe the originals and drop a ransomware note (usually placed in SQL tables titled “WARNING”), which tells server owner to contact the intruders to restore the data.
Initially, the attackers instructed victims to contact them via email, but later they set up a website on the dark web. To access a page where their data is being sold victims need to enter a unique ID, provided in a ransom note, and if they will not pay the ransom in bitcoin within nine days, their data will be put up on auction.
“The actual price has varied across the year as the BTC/USD exchange rate fluctuated but has usually remained centered around a $500 figure for each site, regardless of the content they included,” ZDNet wrote. “This suggests that both the DB intrusions and the ransom/auction web pages are automated and that attackers don't analyze the hacked databases for data that could contain a higher concentration of personal or financial information.”
Most of the databases compromised by this cybercriminal group appear to be MySQL servers, but it is possible that other SQL relational database systems such as PostgreSQL and MSSQL also could have been targeted in attacks.