Hackers sell more than 85,000 SQL databases on a dark web portal for only $550/database. The portal is part of a database ransom scheme and has been going on since the beginning of 2020.
Threat actors have been breaking into SQL databases, downloading tables and deleting the originals. They leave ransom notes behind, telling server owners to get in touch with the attackers to get their data back.
The initial ransom notes asked victims to contact the attackers via email, but gradually, the attackers automated their ransom scheme with the help of a web portal and then moved an Onion address on the dark web.