RDS DB table name shows "YOUR DB Is Hacked"

Question

Today we found that on our RDS on every DB there is an extra table name "YOUR_DB_IS_HACKED" containing these below content. we checked that this table is created on on "2024-03-19".

> ('Your database is hacked an all your data is backed up. (more information: go to https://paste.sh/fCNubiC6#qResBW4RU-_XsA9Z4QcvWgtS) You must pay 0.03 BTC to bc1q7qznqy9j3pu9daxdgz6d6u60kmshlgnwmyl2zt In 10 days or your data will be publicly disclosed. After paying send mail to us: svpcarbone@onionmail.org we will check as soon as possible and delete our copy. Your DBCODE is: 566GY',' bc1q7qznqy9j3pu9daxdgz6d6u60kmshlgnwmyl2zt',' svpcarbone@onionmail.org');

We already took DB backup & also changed the password.
Need to know what should we do more to prevent it happening next time & what else we missed, please guide us to solve the issue.

Answer

Hi,

First of all, I'm so sorry.

I recommend to quickly take a look at the following [AWS Knowledge Center article](https://repost.aws/knowledge-center/potential-account-compromise) which describes step by step what to do when you identify unauthorized activity in your AWS account. Just to confirm that more resources have not been committed.

Once reviewed, check this [AWS Knowledge Center article](https://repost.aws/knowledge-center/security-best-practices) which contains best practices for securing the AWS account and its resources.

Answer

Essentially, your data has been stolen, so it's crucial to exercise caution. If you were storing personally identifiable information (PII) in that database, you could face significant issues.

---

> ⚡ In short, you should isolate the affected database, restore from a trusted backup, and enhance your security measures by implementing robust access controls, encryption, regular backups, and up-to-date software.

#### Important Resources you should read:
- [Protecting against ransomware](https://aws.amazon.com/security/protecting-against-ransomware/)
- [Security in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html)

> 🚨 If you would like to  have a security concern regarding AWS cloud services, please submit the information by contacting `aws-security@amazon.com`.

RDS DB table name shows "YOUR DB Is Hacked"

Important Resources you should read:

相關內容