Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning. The attackers ask for a small sum to return or not publish the data, but those who pay will not get their data back, as the bot takes only a small amount of it before wiping it all. Border0 researchers wanted to see whether and how quickly a simple PostgreSQL server would be targeted by the same bot once they exposed it online. Within hours, the bot can access the server, identify and explore the databases, take snapshots of each table in the databases, delete all the databases, terminate all backend processes, and create a new database named readme_to_recover, which contains the ransom note. This type of automated attack against poorly secured database servers has been going on for years.
Read more: https://www.helpnetsecurity.com/2024/01/18/postgresql-mysql-ransomware-bot/
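
A detection sketch for the sequence described above (databases dropped, backends terminated, a readme_to_recover database created), run over PostgreSQL statement logs. This is an added example, not code from Border0 or the article. It assumes log_statement = 'all', a log_line_prefix of '%m [%p] %u@%d ', and that the bot's SQL looks like the patterns below; the log lines are constructed.

```python
import re

# Statement patterns for the stages the article lists. The SQL spellings are
# assumptions; the article itself names only the readme_to_recover database.
STAGES = {
    "drop_database": re.compile(r"\bDROP\s+DATABASE\b", re.I),
    "terminate_backends": re.compile(r"\bpg_terminate_backend\s*\(", re.I),
    "ransom_database": re.compile(r'\bCREATE\s+DATABASE\s+"?readme_to_recover\b', re.I),
}
# Assumed prefix '%m [%p] %u@%d ' followed by PostgreSQL's "LOG:  statement:".
STATEMENT = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[\d+\] (?P<user>[^@\s]+)@\S+ LOG:\s+statement: (?P<sql>.*)$")

# Constructed sample log, not captured from a real incident.
SAMPLE_LOG = """\
2024-01-18 10:02:07.101 UTC [4121] postgres@postgres LOG:  statement: SELECT datname FROM pg_database;
2024-01-18 10:02:09.512 UTC [4121] postgres@postgres LOG:  statement: DROP DATABASE shop;
2024-01-18 10:02:09.880 UTC [4121] postgres@postgres LOG:  statement: DROP DATABASE crm;
2024-01-18 10:02:10.034 UTC [4121] postgres@postgres LOG:  statement: SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE pid <> pg_backend_pid();
2024-01-18 10:02:10.377 UTC [4121] postgres@postgres LOG:  statement: CREATE DATABASE readme_to_recover;
2024-01-18 11:30:00.000 UTC [5002] deploy@staging LOG:  statement: DROP DATABASE scratch_tmp;
""".splitlines()

def scan(lines):
    """Group matching statements by database user: stages seen, drop count, first hit."""
    findings = {}
    for line in lines:
        m = STATEMENT.match(line.strip())
        if not m:
            continue  # not a statement line, or a different log_line_prefix
        for stage, pattern in STAGES.items():
            if pattern.search(m["sql"]):
                entry = findings.setdefault(
                    m["user"], {"stages": set(), "drops": 0, "first_seen": m["ts"]})
                entry["stages"].add(stage)
                entry["drops"] += stage == "drop_database"
    return findings

def severity(entry):
    """The ransom-note database is decisive; a lone DROP DATABASE only needs review."""
    if "ransom_database" in entry["stages"]:
        return "critical"
    if {"drop_database", "terminate_backends"} <= entry["stages"] or entry["drops"] > 1:
        return "high"
    return "review"

if __name__ == "__main__":
    for user, entry in scan(SAMPLE_LOG).items():
        print(user, severity(entry), sorted(entry["stages"]), entry["first_seen"])
```

With log_statement = 'ddl' only the DROP DATABASE and CREATE DATABASE stages are logged, so the terminate_backends pattern will never match.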