Ransomware actors behind the attack have breached at least 85,000 MySQL servers, and are currently selling at least compromised 250,000 databases.

Researchers are warning on an active ransomware campaign that’s targeting MySQL database servers. The ransomware, called PLEASE_READ_ME, has thus far breached at least 85,000 servers worldwide – and has posted at least 250,000 stolen databases on a website for sale.

MySQL is an open-source relational database management system. The attack exploits weak credentials on internet-facing MySQL servers, of which there are close to 5 million worldwide. Since first observing the ransomware campaign in January, researchers said that attackers have switched up their techniques to put more pressure on victims and to automate the payment process for the ransom.