
GandCrab Ransomware Found Targeting MySQL Databases

May 27, 2019

Security researchers observed a spate of attacks targeting Windows servers running MySQL databases to infect them with the GandCrab ransomware. The attacks, which were first uncovered last May 19 via honeypots, entail scanning internet-facing MySQL databases and checking if they're running on Windows operating systems. Malicious SQL commands are then executed to upload a file that will retrieve and help execute the ransomware.

According to Sophos’ Andrew Brandt, who observed the intrusions, the scanning activities search for unsecure or misconfigured MySQL databases or firewalls. This includes attacks on MySQL servers that have exposed port 3306, the default port that MySQL uses.

Brandt noted that the versions/samples of GandCrab involved in the attacks were already downloaded over 2,300 times. While the numbers are relatively low, the attack still poses significant security risks. MySQL is a ubiquitous database technology with a reported market share of over .


GandCrab itself has used different attack vectors since it was first seen using exploit kits like and . GandCrab’s operators have used malvertisements on file-sharing websites, newly developed exploit kits like Fallout, JavaScript malware, and spam attachments to deliver the ransomware. The range of attack vectors makes it a prevalent ransomware threat — GandCrab was the most detected ransomware family in North America in 2018.

This is not surprising, as GandCrab’s authors peddle the ransomware as a service in the cybercriminal underground. This means GandCrab’s affiliates can distribute their version of the ransomware beyond exploit kits and spam. More recently, cybercriminals were seen targeting hosts installed with vulnerable Confluence collaboration software.

GandCrab isn’t the first to target MySQL databases. An of the notorious , for instance, also targets database programs and encrypts related files. There are also the campaigns that targeted poorly secured MongoDB databases. The attacks involve identifying publicly and remotely accessible MongoDB databases, deleting their contents, then extorting their owners.


While ransomware may not be as pervasive as it was before, GandCrab’s latest activity shows how the stakes are getting higher. Ransomware attacks — as shown by LockerGoga and separate incidents in U.S. counties — are becoming increasingly targeted, and their impact more significant. Given how ransomware would sometimes need only a single weak link to infect an enterprise’s online infrastructure, organizations should adopt defense-in-depth practices such as regularly backing up data; keeping the system updated and patched; securing the use of system administration tools; and ensuring that the database is properly configured. MySQL, for instance, has several and on how to secure it.
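As an added illustration of the "properly configured" point (this is example code written for this page, not from Sophos, the vendor, or MySQL), the following sketch audits the `[mysqld]` section of a `my.ini` for the exposure conditions described above: a listener reachable on all interfaces on port 3306, and SQL file operations that are not confined to a directory. The sample configurations and the function name `audit_mysqld` are constructed for the example; the option names are MySQL's own.

```python
import configparser

# Constructed sample my.ini files for a Windows MySQL host (not from the article).
SAMPLE_MY_INI = """\
[mysqld]
port=3306
bind-address=0.0.0.0
secure-file-priv=""
"""
HARDENED_MY_INI = """\
[mysqld]
port=3306
bind-address=127.0.0.1
secure-file-priv="C:/ProgramData/MySQL/Uploads"
"""

WILDCARDS = {"*", "0.0.0.0", "::"}   # values that mean "every interface"
OFF = {"0", "off", "false"}

def audit_mysqld(ini_text):
    """Return {option: finding} for exposure-related [mysqld] settings."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, delimiters=("=",))
    cp.read_string(ini_text)
    raw = cp["mysqld"] if cp.has_section("mysqld") else {}
    # MySQL accepts '-' and '_' interchangeably in option names.
    opts = {k.replace("_", "-"): (v or "").strip().strip("\"'")
            for k, v in raw.items()}
    findings = {}
    # skip-networking (bare, or set to a true value) disables TCP/IP entirely.
    tcp_off = ("skip-networking" in opts
               and opts["skip-networking"].lower() not in OFF)
    if not tcp_off:
        bind = opts.get("bind-address", "*")   # server default: all interfaces
        port = opts.get("port", "3306")        # server default port
        if bind in WILDCARDS:
            findings["bind-address"] = (
                f"listens on every interface, TCP {port}; bind to a specific "
                "address and filter the port at the firewall")
    # An explicitly empty secure-file-priv places no directory restriction
    # on file import/export performed through SQL statements.
    if opts.get("secure-file-priv") == "":
        findings["secure-file-priv"] = (
            "empty value: SQL file import/export is not confined to a directory")
    return findings

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_MY_INI), ("hardened", HARDENED_MY_INI)):
        print(name, audit_mysqld(text) or "no findings")
```

A clean result here only covers the configuration file; account privileges and the host firewall still need their own review.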

Trend Micro Ransomware Solutions

Enterprises can benefit from a multilayered approach to best mitigate the risks brought by ransomware. At the endpoint level, Trend Micro Smart Protection Suites deliver several capabilities like high-fidelity machine learning, behavior monitoring and application control, and vulnerability shielding that minimize the impact of this threat. Trend Micro Deep Discovery Inspector detects and blocks ransomware on networks, while the Trend Micro Deep Security solution stops ransomware from reaching enterprise servers — whether physical, virtual, or in the cloud. Trend Micro Deep Security, Vulnerability Protection, and TippingPoint provide virtual patching that protects endpoints from threats that exploit unpatched vulnerabilities to deliver ransomware. Email and web gateway solutions such as Trend Micro Deep Discovery Email Inspector and InterScan Web Security prevent ransomware from ever reaching end users.

These solutions are powered by Trend Micro XGen security, which provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. Smart, optimized, and connected, XGen powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.
