Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers

5 years ago David Bisson
PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers

Digital attackers launched a new ransomware campaign dubbed “PLEASE_READ_ME” in an effort to target MySQL servers.

Guardicore first spotted the attack back in January 2020. After that, it witnessed a total of 92 attacks emanate from 11 IP addresses, with most based in Ireland and the United Kingdom at the time of analysis.

The security firm found that each attack began the same way. As quoted in its research:

The attack starts with a password brute-force on the MySQL service. Once successful, the attacker runs a sequence of queries in the database, gathering data on existing tables and users. By the end of execution, the victim’s data is gone – it’s archived in a zipped file which is sent to the attackers’ servers and then deleted from the database. A ransom note is left in a table named WARNING, demanding a ransom payment of up to 0.08 BTC.

Over the course of its analysis, Guardicore picked out two variants of the campaign. The first lasted from January to November 2020 and consisted of 63 attacks. Each of those instances involved the delivery of a ransom note including a bitcoin wallet address, an email address for technical support and a 10-day window for the victim to pay.

Those behind PLEASE_READ_ME had collected 24,906 USD as a result of this variant at the time of Guardicore’s analysis.

The second variant dispensed with email communications and a bitcoin wallet address. Instead, it directed recipients to visit a .ONION site. The site’s dashboard provided victims with the ability to submit their infection token in order to pay their ransom. It also gave visitors the ability to buy 250k different databases from 83k MySQL servers belonging to victims who didn’t pay.

A screenshot of the .ONION website’s auction page. (Source: Guardicore)

That variant, which started on October 3 and lasted through November, consisted of 29 attack instances involving seven IP addresses.

News of this attack highlights the need for organizations to defend themselves against ransomware. They can do so by following these steps in order to prevent a ransomware infection from occurring in the first place.

The post ” PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers” appeared first on TripWire

Source:TripWire – David Bisson

Tags: Encryption, Malware, Ransomware, TripWire

Continue Reading

Previous Podcast Episode 13 – The Future of Infosec: Teaching a College Cybersecurity Course with Tyler Reguly
Next SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

More Stories

  • Data Breach

[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate

10 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

10 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Data Breach

When Cloud Outages Ripple Across the Internet

13 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

15 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox

18 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

19 hours ago [email protected] (The Hacker News)

Recent Posts

  • http://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html
  • [Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate
  • Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
  • When Cloud Outages Ripple Across the Internet
  • APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT