Auction site used by hackers to sell compromised MySQL databases (Source: Guardicore Labs)
Hackers are targeting thousands of vulnerable MySQL servers around the world, using ransomware to exfiltrate data from organizations as a way to demand payment before making the information public, according to a report released this week by Guardicore Labs.
In addition to the ransomware and extortion campaign, the hackers are selling access to over 250,000 stolen databases through a darknet market when victims don t pay, according to the report.
The hacking campaign that the Guardicore Labs analysts discovered appears to have started in January and is still active, targeting vulnerable MySQL databases around the world, says Ophir Harpaz, a security researcher, who estimates that about 5 million MySQL servers are exposed to the public internet and are potentially vulnerable to this or another type of attack.