More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website. In total, the seller provides over 1.5 million rows of records but the amount of stolen data is much larger.

The attacker is hacking into insecure servers that are reachable over the public web, copies the databases, and leaves a note asking for a ransom in return of the stolen data.

Money made

Victims have 10 days to pay BTC 0.06 ($525 at current price) a wallet provided in the ransom note, else the hacker makes the database

When visiting the site, a script will run that performs a local port scan of your computer to detect remote support and remote access applications.

Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more. 

After learning about this, BleepingComputer conducted a test and can confirm that is indeed performing a local port scan of 14 different ports when visiting the site. script performing a port scan script performing a port scan

This scan is being conducted by a check.js script [archived] on that attempts to