According to Network World a recent ransomware attack was initiated on February 12, 2017, which completely overran MySQL Database. The attack originated from an IP address located in the Netherlands. The attack lead to thousands upon thousands of databases being erased and replaced with a .2 bitcoin ($234) ransom demand. Although the demand is not painstakingly high per database, think of the corporations who had hundreds if not thousands of their databases deleted.
Two Variants Used
After obtaining additional information into the MySQL ransomware attack, it was determined two different ransomware variants were used. Both deleted the data, but only one assured users their data was backed up on the attackers servers. There were also two different Bitcoin wallets used for each variant, as well as slightly different methods for obtaining the deleted data. One variant requested after the payment is made, the user confirm the encrypted server’s IP address via a darknet site using the Tor browser. While the other asked to be emailed the IP address of the ransomed server, after the payment was made.
Users Are Paying Demands
So far, there has been confirmation of users paying the ransom demands, although how many users remains a mystery. PC Matic strongly encourages users NOT to pay the ransom demands for the following reasons:
- First, this data was dumped without any confirmation of it being stored by the cyber criminals.
- If you pay, there is no guarantee you will receive your lost files.
- You put a target on your back for future attacks — if you pay once, you’ll likely pay again. Hackers will exploit this.
- You’re giving the criminals exactly what they want. And because they’re getting what they want, the use of ransomware attacks will continue to explode.
Moving Forward
Protecting your data from a malware attack of any kind, ransomware included, is critical. PC Matic encourages both home and business users to implement the following tips to safeguard their data:
- Use a security solution that implements application whitelisting. Application whitelisting has been proven far more effective in preventing malware attacks than traditional blacklisting methods.
- Implement patch management. Keeping all of your applications patched and updated will prevent any security gaps from going unmanaged.
- Take a cyber security course. This does not have to be anything long and strenuous. There are multiple cyber security awareness programs available that users should engage in. By knowing what red flags to look for, you are far less likely to become the next victim.
- Back up your data on a secure, external device. This device should only be connected to your PC while the back up is taking place. Once it is done, unplug the device from your PC and store it in a safe place.
- Disable macros. Often times a malicious attachment will require the use of macros. By disabling them, you could prevent a malware attack from executing.
