Data from more than 85,000 SQL databases is for sale on a portal on the dark web. The price is $550 for each database.
The portal, discovered by a security researcher, appears to be part of a "database ransom scheme" which has been operating since the beginning of 2020.
Initially, the hackers asked the victims to contact them through e-mail. Later, as the campaign progressed, they automated the process with the help of a web portal, originally hosted on sqldb.to and dbrestore.to. The portal was then given an Onion address on the dark web.
When victims visit the hackers' sites, they are asked to enter a unique ID, which is provided in the ransom note. They can then go to the page where their data is sold.
If the victims do not pay within nine days, their data is put up for auction in another section of the portal.
To recover or buy stolen SQL databases, one has to pay in Bitcoin. Since the beginning of the year (when the campaign started) there have been various changes in the price of the databases (depending on the BTC/USD exchange rate), but it is usually around $500 for each database (regardless of its content).
This suggests that both the initial intrusions and the ransom/auction websites are automated and that the intruders do not analyze the compromised databases. If they did, the price would possibly be determined by the importance of the stolen data.
The initial attacks are easy to identify, as the hackers usually placed the ransom notes in SQL tables titled "WARNING". Most of the databases seem to be MySQL servers.
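A check a server owner could run for the marker described above, as an added example that is not from the original article. It assumes a MySQL server and an account allowed to read `information_schema` for every schema; the list of excluded system schemas is the standard MySQL set.

```sql
-- Added example: look for tables named WARNING in application schemas.
-- A legitimate application may also own a table with this name, so each
-- hit needs to be reviewed, not treated as proof of compromise.
SELECT
    t.table_schema,
    t.table_name,
    t.create_time,      -- when the table was created
    t.table_rows,       -- row count (an estimate for InnoDB)
    s.total_tables      -- how many base tables the schema holds in total
FROM information_schema.tables AS t
JOIN (
    -- Per-schema table count, so the hit can be compared with what the
    -- schema is expected to contain.
    SELECT table_schema, COUNT(*) AS total_tables
    FROM information_schema.tables
    WHERE table_type = 'BASE TABLE'
    GROUP BY table_schema
) AS s
    ON s.table_schema = t.table_schema
WHERE UPPER(t.table_name) = 'WARNING'        -- match regardless of case
  AND t.table_type = 'BASE TABLE'
  AND t.table_schema NOT IN
      ('mysql', 'information_schema', 'performance_schema', 'sys')
ORDER BY t.create_time;
```

An empty result means no table with that name exists in the schemas the account can see; a hit whose `create_time` does not match any known deployment is the case to investigate.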
As we said above, such attacks have appeared since the beginning of 2020 and have continued throughout the year. Server owners have posted several complaints on Reddit, in MySQL forums, in technical support forums and on other private blogs.
These attacks mark the most coordinated effort to profit from SQL databases. The first such attacks started in the winter of 2017, when hackers hit MySQL servers in a series of attacks which also targeted MongoDB, Elasticsearch, Hadoop, Cassandra and CouchDB servers.