Recently the database in the cloud was hacked. Upon investigation, I found that the database structure had changed: there was a new database, along with a new table, and a user created by the attacker.
I have captured crime scene pictures and hope these will help you understand better.
Scene One: a new database ‘warning’ is created, along with the new table ‘WARNING’ with a ransom text.
Scene Two: a new user ‘server’ is created.
Scene Three: the DB files were copied to the local PC, and MS Windows security tools detected the trojan virus in the MySQL database.
This is ransomware, a specific form of malware whose goal is to encrypt the data on an infected server. This makes the data inaccessible to users and can cripple an organization. The cybercriminals will decrypt the data if their financial demands are met. Paying the ransom may or may not get your data back. Remember, you are dealing with criminals and their word is not to be trusted.
Tricks Used by Hackers and How to Secure the Database
Hackers are searching for MySQL logins that are not properly protected. This may be because of a weak password or, in some default installations, no password at all.
Failure to protect your MySQL database may allow hackers to turn it into a launching pad for malware.
Here are a few suggestions for protecting your MySQL Database server from ransomware:
- Always use strong passwords.
- Drop direct access to your MySQL servers from the Internet.
- Check your MySQL control settings and logs.
- Keep backups of the database.
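
As an illustration of the "check your logs" suggestion, here is an added example (not part of the original post) that scans a MySQL general query log for the kind of changes seen in the three scenes: logins from outside the internal network, and statements that create or drop databases, tables or users. It assumes the general query log is enabled; the log lines are constructed, and the names `scan`, `is_external` and `SAMPLE_LOG` are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the MySQL general query log layout (timestamp,
# thread id, command, argument). Assumption: general_log is enabled.
SAMPLE_LOG = """\
2024-01-10T02:14:07.120000Z\t   41 Connect\troot@203.0.113.50 on  using TCP/IP
2024-01-10T02:14:08.300000Z\t   41 Query\tCREATE DATABASE warning
2024-01-10T02:14:08.910000Z\t   41 Query\tCREATE TABLE warning.WARNING (id INT, message TEXT)
2024-01-10T02:14:09.450000Z\t   41 Query\tCREATE USER 'server'@'%' IDENTIFIED BY <secret>
2024-01-10T02:15:00.000000Z\t   42 Connect\tapp@10.0.0.12 on shop using TCP/IP
2024-01-10T02:15:01.000000Z\t   42 Query\tSELECT id FROM orders WHERE id = 7
"""

LINE = re.compile(r"^(\S+)\s+(\d+)\s+(Connect|Query)\s+(.*)$")
# Statements that change structure or accounts, as in the three scenes above.
SUSPICIOUS = re.compile(
    r"^\s*(CREATE|DROP|ALTER)\s+(DATABASE|SCHEMA|TABLE|USER)\b|^\s*GRANT\b", re.I)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_external(host):
    """True when the client host is an IP address outside the internal ranges."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname such as 'localhost' is not judged here
    return not any(ip in net for net in INTERNAL)

def scan(log_text):
    """Return findings as (timestamp, account, kind, detail) tuples."""
    sessions, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, thread, command, arg = m.groups()
        if command == "Connect":
            account = arg.split(" on ", 1)[0]  # "user@host on db using ..."
            sessions[thread] = account         # remember who owns this thread
            if is_external(account.rpartition("@")[2]):
                findings.append((ts, account, "external-login", arg))
        elif SUSPICIOUS.match(arg):
            findings.append((ts, sessions.get(thread, "unknown"), "structure-change", arg))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Adjust `INTERNAL` to the networks your application servers actually use; any login flagged as external is a sign that the server is still reachable directly from the Internet.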