Ransomware: Protect Your DataBase From Ransomware attack

ShahidShahid
2 min read

The popularity of database platforms has attracted cybercriminals, who are always finding new ways to cause havoc. Ransomware is a type of malware that encrypts data, making it inaccessible and crippling organizations. Paying the ransom doesn't guarantee data recovery as the criminals are untrustworthy.

How to identify if your MySQL database is hacked

Recently the database which is hosted on the cloud got hacked and upon investigation found the database structure has been modified and a new database along with the new table and user was created by the attacker.

crime scene pictures have been captured, hope this will help you to understand better.

  1. In scene one a new database ‘warning’ is got created, along with the new table ‘WARNING’ with the ransom text.

    1. Scene Two a new user ‘server’ is created.

  1. Scene Three analyzes copied the DB files to the Laptop and Microsoft window security has detected the trojan virus. In the MySQL database, a few .exe files are copied by hackers.


MySQL databases have become a target for cybercriminals, with recent attacks trying to implant a ransomware weapon known as GandCrab. The attacks appear to be targeted, and security experts suggest that an international cybercriminal team may be behind them. The attack is executed in stages, with the end result being the encryption of the victim's files. A robust backup and recovery policy is necessary to recover from such an attack.

Tricks Used by Hackers and How to Prevent

Hackers are searching for MySQL logins that are not properly protected. This may be due to a weak password or in some default installation passwords, no password at all. Failure to protect your MySQL database may allow hackers to turn it into a launching pad for malware. I have seen this issue specifically Docker MySQL Containers are more prone to hacking.

Here are a few suggestions for protecting your MySQL servers from ransomware:

  • Always use strong passwords. Change the default port 3306 to some this else

  • Eliminate the ability to directly access your MySQL servers from the Internet.

  • Monitor your MySQL access logs.

  • Keep a Backup of the Database.

Thanks for reading - Shahid

0
Subscribe to my newsletter

Read articles from Shahid directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Shahid
Shahid

I’ve always been deeply interested in computing,  Computers have held a life-long fascination for me.What started as an interest in just using them developed into a growing desire to understand and implement new things. you can contact me at https://shahidkhans.com