Hackers Steal SQL Databases From Several Online Shops, Demand Bitcoin in Return

What’s brewing?

• The ongoing rise in SQL database encryption, extortion, stealing is targeting e-commerce platforms.
• According to the reports, most of the online stores are from Germany followed by Brazil, the U.S., Italy, India, Spain, and Belarus. All these countries run e-commerce platforms such as Shopware, OpenCart, Magento v1 and v2, PrestaShop, and JTL-Shop.
• Threat actors are demanding the ransom to be paid in the form of bitcoin within ten days, or else they sell the data on public websites.
• Perhaps the attackers are selling the stolen databases on the dark web, doubling their profits.

E-Commerce sites entice crooks

• Recently, threat actors acting under the Magecart umbrella group were seen exploiting an old vulnerability in a Magento plugin to deploy credit card-skimming malware on e-commerce sites.
• A few weeks back, the ShinyHunters hacking group breached Bhinneka, an Indonesian e-commerce company. The hackers stole 1.2 million user records and sold them on the dark web in exchange for bitcoin.

Hackers’ undying lust for bitcoin

• Hackers gained access to Johannesburg city council’s computer systems and demanded ransom payment in the form of four bitcoins in October 2019.
• In June 2019, a ransomware, dubbed Triple Threat, attacked municipalities in Florida, encrypting the data stored in the computers of the City of Lake City. The attackers demanded a ransom of 42 Bitcoins in exchange for the decryption keys to restore the data.

The bottom line