Ransomware

Mass database extortion causes significant damage despite low payment rates

As reported by Security Affairs, a five-year study on the ransomware economy has revealed that over 30,000 exposed databases were targeted by ransom attacks, resulting in substantial damage even when victims did not pay.

The Ransomnews Research Team's five-year study, spanning from May 2021 to May 2026, analyzed over 65,000 exposed databases, finding that 46.3% contained ransom or wipe notes. These compromised systems held more than 215 billion records, with data being stolen, wiped, or held for ransom. The study identified 514 unique attacker bitcoin wallets, with 318 showing no transaction history, indicating that the vast majority of victims did not pay. The total confirmed revenue across the dataset was approximately $753,000.

The research highlights that the damage is inflicted regardless of payment, as data is often copied or deleted before the ransom note is even discovered. Exposed MongoDB and MySQL systems were compromised almost universally when found. The study also noted a shift from destructive attacks to extortion, as operators prioritize payment over data destruction for revenue. The findings underscore the need for robust security measures, such as avoiding direct public exposure of database ports and implementing strong authentication and network segmentation, as exposure often signifies that compromise has already occurred.

Source: Security Affairs

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds