Ransomware
Abuser: [email protected]
Deletes my MySQL db and asks for ransom
Peru, 2019-04-10 17:59:14

Deletes my MySQL db and asks for ransom
Peru, 2019-04-10 17:59:14

I'd set up a test mysql server, forgotten about it, and came back to find:

To recover your lost data : Send 0.045 BTC to our BitCoin Address and Contact us by eMail with your server IP Address or Domain Name and a Proof of Payment. Any eMail without your server IP Address or Domain Name and a Proof of Payment together will be ignored. Your File and DataBase is downloaded and backed up on our servers. If we dont receive your payment,we will delete your databases.
Australia, 2019-04-24 23:26:02

To recover your lost data : Send 0.045 BTC to our BitCoin Address and Contact us by eMail with your server IP Address or Domain Name and a Proof of Payment. Any eMail without your server IP Address or Domain Name and a Proof of Payment together will be ignored. Your File and DataBase is downloaded and backed up on our servers. If we dont receive your payment,we will delete your databases.
Papua New Guinea, 2019-05-06 01:10:55

Script that discovered my unprotected phpmyadmin on a home test server, dumped my mysql database of useless test data, and left the below ransom message:

"To recover your lost data : Send 0.045 BTC to our BitCoin Address and Contact us by eMail with your server IP Address or Domain Name and a Proof of Payment. Any eMail without your server IP Address or Domain Name and a Proof of Payment together will be ignored. Your File and DataBase is downloaded and backed up on our servers. If we dont receive your payment,we will delete your databases."

It's okay buddy, you can delete those 5 rows of irrelevant text. The related Apache access log entry: (Yes, the credentials were root:root)

211.57.200.104 - - \ "GET /phpmyadmin/index.php?pma_username=root&pma_password=root&server=1 HTTP/1.1" 302 958 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36"
United States, 2019-05-10 23:11:22

To recover your lost data : Send 0.045 BTC to our BitCoin Address and Contact us by eMail with your server IP Address or Domain Name and a Proof of Payment. Any eMail without your server IP Address or Domain Name and a Proof of Payment together will be ignored. Your File and DataBase is downloaded and backed up on our servers. If we dont receive your payment,we will delete your databases.
India, 2019-05-15 06:20:23

Deleted DB and asked for ransom. If we checked the MySQL DB we can find a 'README' database

> To recover your lost Database and avoid leaking it: Send us 0.05 Bitcoin (BTC) to our Bitcoin address 1MAikeLUHocwmKZLZfZAoh6n9G9j4CKp13 and contact us by Email with your Server IP or Domain name and a Proof of Payment. Your Database is downloaded and backed up on our servers. Backups that we have right now: elementview_master, If we dont receive your payment in the next 10 Days, we will make your database public or use them otherwise.
Taiwan, 2019-05-20 10:44:49
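
A detection check for the kind of Apache access-log entry quoted in the Papua New Guinea report above, added here as an example and not part of any report: it flags requests that pass phpMyAdmin credentials in the URL (pma_username / pma_password). The function name, the weak-pair list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]*)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Assumed short list of default credential pairs; extend for your environment.
WEAK_PAIRS = {("root", "root"), ("root", ""), ("admin", "admin")}

# Constructed sample lines (documentation IP ranges), not taken from any report.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2019:23:01:02 +0000] "GET /phpmyadmin/index.php'
    '?pma_username=root&pma_password=root&server=1 HTTP/1.1" 302 958 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/May/2019:23:01:03 +0000] "GET /phpmyadmin/index.php'
    '?pma_username=admin&pma_password=guess123 HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/May/2019:23:05:00 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "curl/7.64.0"',
    'truncated or non-combined line',
]

def find_pma_url_logins(lines):
    """Return one finding per request carrying phpMyAdmin credentials in the URL."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        if "pma_username" not in query or "pma_password" not in query:
            continue
        user, password = query["pma_username"][0], query["pma_password"][0]
        findings.append({
            "host": m["host"],
            "time": m["time"],
            "user": user,  # the password itself is deliberately not copied out
            "weak_pair": (user, password) in WEAK_PAIRS,
            # 302 is the status in the report's entry; a lead to review,
            # not proof on its own that the login succeeded.
            "redirected": int(m["status"]) == 302,
        })
    return findings

if __name__ == "__main__":
    for f in find_pma_url_logins(SAMPLE_LOG):
        print(f)
```
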