Over 1,200 databases that could be accessed without authentication have already fallen victim to the attackers, which replaced their indexes with a note demanding a payment of 0.012 Bitcoin in exchange for the data.
“In each case, data held in the databases was replaced with a ransom note stored in the ‘message’ field of an index called ‘read_me_to_recover_database’. Inside the ’email’ field is a contact email address,” Secureworks notes.