Database held for ransom, anyone experience this before?
-
Had this forwarded to my desk this morning. This client uses an AWS hosted database and found this over the weekend.
Anyone ever see this before?
-
@donaldlandru someone is screwed.
-
@donaldlandru Should've used a stronger password and 2FA. Time to break out the backups.
-
Wipe and reload, and of course immediately change the password to something stronger.
-
@DustinB3403 said in Database held for ransom, anyone experience this before?:
Wipe and reload, and of course immediately change the password to something stronger.
Haha thankfully not ours to fix, but that was the advice. I’d also vote against paying the bitcoin since they’ll “leak” the database either way.
-
@travisdh1 said in Database held for ransom, anyone experience this before?:
@donaldlandru Should've used a stronger password and 2FA.
That is not how anything works.
-
@DustinB3403 said in Database held for ransom, anyone experience this before?:
Wipe and reload, and of course immediately change the password to something stronger.
That, or more likely IMO, clean up the shit code that let them gain access through a SQL injection.
-
@travisdh1 said in Database held for ransom, anyone experience this before?:
Time to break out the backups.
That pretty much sums it up.
-
ouch....
-
All your database are belong to us. Um, them.
-
@JaredBusch said in Database held for ransom, anyone experience this before?:
@donaldlandru someone is screwed.
Assuming no backups and that it has sensitive data. Might just be Wordpress posts and public already.
-
@Reid-Cooper said in Database held for ransom, anyone experience this before?:
@JaredBusch said in Database held for ransom, anyone experience this before?:
@donaldlandru someone is screwed.
Assuming no backups and that it has sensitive data. Might just be Wordpress posts and public already.
Nah they had backups. Not Wordpress lol
-
Sounds like this one:
https://www.csoonline.com/article/3174306/ransomware-attacks-targeted-hundreds-of-mysql-databases.html
According to the article it's a brute force attack on the root account of the MySQL database.
A little more info:
https://www.guardicore.com/2017/02/0-2-btc-strikes-back-now-attacking-mysql-databases/
Looks like the database is erased without being dumped somewhere so no sense in paying anything.
-
What Database type was this? an RDS or hosted inside a server?
-
@dbeato said in Database held for ransom, anyone experience this before?:
What Database type was this? an RDS or hosted inside a server?
.....
@donaldlandru said in Database held for ransom, anyone experience this before?:
This client uses an AWS hosted database and found this over the weekend.
-
@JaredBusch said in Database held for ransom, anyone experience this before?:
@dbeato said in Database held for ransom, anyone experience this before?:
What Database type was this? an RDS or hosted inside a server?
.....
@donaldlandru said in Database held for ransom, anyone experience this before?:
This client uses an AWS hosted database and found this over the weekend.
Still very ambiguous...
-
@JaredBusch said in Database held for ransom, anyone experience this before?:
@dbeato said in Database held for ransom, anyone experience this before?:
What Database type was this? an RDS or hosted inside a server?
.....
@donaldlandru said in Database held for ransom, anyone experience this before?:
This client uses an AWS hosted database and found this over the weekend.
Assuming that means the SaaS AWS packages and not something else, AWS offers seven categories and 15 unique database options.
-
Yup, restore from backups. Are you using an old Drupal or Wordpress site or shared hosting like TMD?
-
FFS already.
All of you just need to stop. This is nothing that @donaldlandru needs to do.
This is not his database.
He has no credentials to AWS.
He has no credentials to the database with access beyond read only.
His company has zero liability or issues.
They should have their legal team in on this meeting in the morning.
Because this accusation is complete and utter bullshit.
-
@JaredBusch Yes, you were correct and we discussed this last night on the Telegram group.