Hackers are scanning for MySQL servers to deploy GandCrab ransomware


At least one Chinese hacking crew is currently scanning the internet for Windows servers that are running MySQL databases so they can infect these systems with the GandCrab ransomware.

These attacks are somewhat unique, as cyber-security firms have not seen any threat actor until now that has attacked MySQL servers running on Windows systems to infect them with ransomware.

Andrew Brandt, Principal Researcher at Sophos, and the one who spotted these new attacks in a honeypot’s logs described them as “a serendipitous discovery” in an email to ZDNet.

The researcher published today a blog post on the Sophos website detailing this new scanning activity and its payload.

Read more…
Source: ZDNet