Travis Smith, Senior Security Research Engineer at Tripwire:
“The evolution of database-targeted ransomware started with MongoDB and transitioned to Elasticsearch. These two products could be installed without any authentication mechanism. When deployed to the internet with default configurations, the databases were world-writable. When installing MySQL, you’re prompted for a password which protects against ransomware attacks. What these attackers are doing is guessing the root password via brute force attacks. In practice, this is a very inefficient attack vector.
The adaption from MongoDB to MySQL can be expected. Databases hold some of the most sensitive information on the internet. Because of this, the value of the data can be exponentially greater than the data traditional ransomware targets.
MySQL can provide decent security out of the box, with enhanced protections available quite easily. By issuing the mysql_secure_installation command, users can follow a walkthrough on hardening their installations to protect against attacks like this. A good rule of thumb is protecting the root account with a long and complex password in addition to preventing login from the internet, preferably only allowing local authentications.”
Ransomware Attacks Targeted Hundreds Of MySQL Databases
Hundreds of MySQL databases have been hit in ransomware attacks, which were described as “an evolution of the MongoDB ransomware attacks,” according to security vendor GuardiCore. Travis Smith, Senior Security Research Engineer at Tripwire, commented on the attacks.
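The rule of thumb in Smith's comment (a password on every root account, no root login from the internet, a local-only listener) can be checked mechanically. The following audit is an added example, not code from Tripwire or GuardiCore; it assumes account rows exported from the mysql.user table with MySQL 5.7 or later column names, the function names are hypothetical, and the sample configuration and rows are constructed.

```python
import configparser
import ipaddress

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
SOCKET_PLUGINS = {"auth_socket", "unix_socket"}  # OS-socket login, no stored password

def listener_is_local(cnf_text):
    """True if the [mysqld] section keeps the TCP listener on loopback (or off)."""
    body = "\n".join(l for l in cnf_text.splitlines()
                     if not l.lstrip().startswith("!"))   # drop !include lines
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read_string(body)
    if not cp.has_section("mysqld"):
        return False                       # no setting: server listens on all interfaces
    opts = {k.replace("_", "-"): v for k, v in cp.items("mysqld")}
    if "skip-networking" in opts and \
            (opts["skip-networking"] or "1").lower() not in ("0", "off", "false"):
        return True                        # TCP listener disabled entirely
    def loopback(addr):
        addr = addr.strip()
        if addr == "localhost":
            return True
        try:
            return ipaddress.ip_address(addr).is_loopback
        except ValueError:
            return False                   # "*" or a hostname: treat as exposed
    return all(loopback(a) for a in (opts.get("bind-address") or "*").split(","))

def audit(cnf_text, accounts):
    """accounts: (user, host, plugin, authentication_string) rows from mysql.user."""
    findings = []
    if not listener_is_local(cnf_text):
        findings.append("mysqld: listener reachable on non-loopback addresses")
    for user, host, plugin, auth in accounts:
        who = f"'{user}'@'{host}'"
        if user == "root" and host not in LOCAL_HOSTS:
            findings.append(f"{who}: root login allowed from remote hosts")
        if not auth and plugin not in SOCKET_PLUGINS:
            findings.append(f"{who}: no password set")
    return findings

# Constructed sample input (not taken from any real server).
WEAK_CNF = "[mysqld]\nbind-address = 0.0.0.0\n"
WEAK_ROWS = [("root", "%", "mysql_native_password", ""),
             ("root", "localhost", "mysql_native_password", "*CONSTRUCTED")]
HARD_CNF = "[mysqld]\nbind-address = 127.0.0.1\n"
HARD_ROWS = [("root", "localhost", "auth_socket", "")]

if __name__ == "__main__":
    for line in audit(WEAK_CNF, WEAK_ROWS):
        print(line)
```

An empty result for a server means the three conditions from the comment hold; it says nothing about password strength, which has to be enforced separately.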