A dark web portal now lists more than 85,000 SQL databases for sale

More than 85,000 SQL databases are currently on sale on a dark web portal for a price of only $550 per database.

According to ZDNet, the portal is part of a database ransom scheme that has conceivably been running since the beginning of the year (2020) and is still going on.

Hackers have been using SQL databases as leverage: they download the databases, delete the originals, and leave behind ransom notes telling server owners to contact the attackers to get their data back. The initial ransom notes asked victims to contact the attackers via email. But as the operation grew throughout the year, the attackers also automated their database ransom scheme with the help of a website on the dark web. It was first hosted online at sqldb.to and then moved to dbrestore.to. Currently, the hackers have shifted to an Onion address.


Victims are given a unique ID, found in the ransom note, to enter in the portal. Only then are they presented with the page where their data is being sold.


Victims who fail to pay within a nine-day period can see their data put up for auction on another section of the portal.

The price for recovering a stolen SQL database must be paid in bitcoin. The actual price has varied throughout the year but has usually rounded up to a $500 figure for each site.

This could suggest that both the DB intrusions and the ransom/auction web pages are automated and that attackers don’t analyze the hacked databases for data that could contain a higher concentration of personal or financial information.

The year 2020 has witnessed heightened activity in cyber attacks and ransomware. A number of complaints from server owners finding the ransom note inside their databases have been showing up on well-known sites such as Reddit, the MySQL forums, tech support forums, Medium posts, and private blogs.

These attacks mark the most concerted effort to ransom SQL databases since the winter of 2017, when a series of attacks also targeted other widely used database servers such as MongoDB, Elasticsearch, Hadoop, Cassandra, and CouchDB.



