Hackers are scanning for MySQL servers to deploy GandCrab ransomware

GandCrab

At least one Chinese hacking crew is currently scanning the internet for Windows servers that are running MySQL databases so they can infect these systems with the GandCrab ransomware.

These attacks are somewhat unique, as cyber-security firms have not seen any threat actor until now that has attacked MySQL servers running on Windows systems to infect them with ransomware.

Andrew Brandt, Principal Researcher at Sophos, and the one who spotted these new attacks in a honeypot’s logs described them as “a serendipitous discovery” in an email to ZDNet.

The researcher published today a blog post on the Sophos website detailing this new scanning activity and its payload.

Coinbase 2

Attackers target rare, but juicy, exposed MySQL DBs

Brandt said hackers would scan for internet-accessible MySQL databases that would accept SQL commands, check if the underlying server would run on Windows, and then use malicious SQL commands to plant a file on the exposed servers, which they’d later execute, infecting the host with the GandCrab ransomware.

While most system administrators typically protect their MySQL servers with passwords, the purpose of these scans appeared to be the opportunistic exploitation of misconfigured or passwordless databases.

According to Brandt, the hackers appeared to have been quite prodigious, while not entirely clear if they were successful.

The Sophos researcher tracked these attacks back to a remote server, which had an open directory running server software called HFS, which exposed download stats for the attacker’s malicious payloads.

GandCrab MySQL campaign

GandCrab MySQL campaign

Image: Sophos Labs

“The server appears to indicate more than 500 downloads of the sample I saw the MySQL honeypot download (3306-1.exe). However, the samples named 3306-2.exe, 3306-3.exe, and 3306-4.exe are identical to that file,” Brandt said.

“Counted together, there has been nearly 800 downloads in the five days since they were placed on this server, as well as more than 2300 downloads of the other (about a week older) GandCrab sample in the open directory.

“So while this isn’t an especially massive or widespread attack, it does pose a serious risk to MySQL server admins who have poked a hole through the firewall for port 3306 on their database server to be reachable by the outside world,” he said.

As Brandt points out, these types of attacks are very rare. Hacker groups usually scan for database servers to infiltrate companies and to steal their data or intellectual property, or to plant crypto-mining malware [1, 2].

Instances where a hacker group deploys ransomware are rare.

Related malware and cybercrime coverage:

Hackers are scanning for MySQL servers to deploy GandCrab ransomware 1
About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

Leave a Reply

E-Crypto News Executive Interviews



bitcoin
Bitcoin (BTC) $ 32,684.00
ethereum
Ethereum (ETH) $ 1,907.10
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 286.06
cardano
Cardano (ADA) $ 1.25
dogecoin
Dogecoin (DOGE) $ 0.228739
xrp
XRP (XRP) $ 0.625649
usd-coin
USD Coin (USDC) $ 1.00
polkadot
Polkadot (DOT) $ 15.10
binance-usd
Binance USD (BUSD) $ 1.00
USD
EUR
GBP
bitcoinBitcoin (BTC)
$ 32,684.00
ethereumEthereum (ETH)
$ 1,907.10
tetherTether (USDT)
$ 1.00
bitcoin-cashBitcoin Cash (BCH)
$ 459.85
litecoinLitecoin (LTC)
$ 125.01
bitcoinBitcoin (BTC)
27.459,63
ethereumEthereum (ETH)
1.602,26
tetherTether (USDT)
0,840155
bitcoin-cashBitcoin Cash (BCH)
386,35
litecoinLitecoin (LTC)
105,03
bitcoinBitcoin (BTC)
23,501.27
ethereumEthereum (ETH)
1,371.29
tetherTether (USDT)
0.719045
bitcoin-cashBitcoin Cash (BCH)
330.65
litecoinLitecoin (LTC)
89.89

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

What Role Do Cryptocurrencies Play In The Era Of Ransomware Attacks?
June 9, 2021
Crypto Scams On The Rise As Market Enters Bull Cycle
Crypto Scams On The Rise As Market Enters Bull Cycle
December 22, 2020
Harpreet Singh Sahni perpetrated the Plus Gold Union Coin (PGUC) scam
Sydney Concert Promoter Harpreet Sahni Involved In $50M Crypto PGUC Scam
November 2, 2020
KuCoin hackers steal $150 million
KuCoin Exchange Hacked But Insurance Will Cover The Stolen $150M
September 29, 2020
Mining City insists that it is legit
Mining City Refutes Claims By Philippines SEC Of Being A Scam
September 23, 2020

Blockchain/Cryptocurrency Questions and Answers

What Is Plethori Platform And How Does It Work?
June 12, 2021
What Is The Fudge Token?
What Is The Fudge Token?
June 5, 2021
What Is Shiba Inu (SHIB) Cryptocurrency And How Does It Work?
What Is Shiba Inu (SHIB) Cryptocurrency And How Does It Work?
May 31, 2021
What Is PancakeSwap And How Does It Work?
What Is PancakeSwap And How Does It Work?
May 27, 2021
How Has Internet Computer (ICP) Become A Top-10 Crypto?
How did “Internet Computer Coin”(ICP) Become A Top-5 Crypto?
May 19, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin32,742 0.33 % 3.32 % 14.56 %
Ethereum1,914.0 0.62 % 4.57 % 19.10 %
Tether1.000 0.16 % 0.53 % 0.46 %
Binance Coin287.22 1.68 % 0.05 % 17.09 %
Cardano1.260 3.64 % 2.00 % 14.73 %
Dogecoin0.2287 1.65 % 8.29 % 25.56 %
XRP0.6290 0.45 % 4.09 % 24.75 %
USD Coin1.000 0.26 % 0.23 % 0.32 %
Polkadot15.18 2.47 % 6.34 % 33.54 %
Binance USD1.000 0.61 % 0.03 % 0.26 %

bitcoin
Bitcoin (BTC) $ 32,684.00
ethereum
Ethereum (ETH) $ 1,907.10
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 286.06
cardano
Cardano (ADA) $ 1.25
dogecoin
Dogecoin (DOGE) $ 0.228739
xrp
XRP (XRP) $ 0.625649
usd-coin
USD Coin (USDC) $ 1.00
polkadot
Polkadot (DOT) $ 15.10
binance-usd
Binance USD (BUSD) $ 1.00