PLEASE_READ_ME is an active ransomware campaign that has been targeting MySQL database servers and dates back to at least the start of this year. The attack chain is extremely simple and exploits weak credentials on internet-facing MySQL servers. There are close to 5M internet-facing MySQL servers worldwide.
MySQL servers have often been used as a low cost alternative for applications like Dynamics Ax Retail store databases.
250,000 databases are offered for sale in the attackers’ dashboard, from 83,000 successfully-breached victims.
If you are using MySQl databases then we strongly recommend that you immediately review your credentials security and reference the link above.
