Script that discovered my unprotected phpmyadmin on a home test server, dumped my mysql databse of useless test data, and left the below ransom message:
_x000D_
To recover your lost data : Send 0.045 BTC to our BitCoin Address and Contact us by eMail with your server IP Address or Domain Name and a Proof of Payment. Any eMail without your server IP Address or Domain Name and a Proof of Payment together will be ignored. Your File and DataBase is downloaded and backed up on our servers. If we dont receive your payment,we will delete your databases._x000D_
_x000D_
Its okay buddy, you can delete those 5 rows of irrelevant text. _x000D_
_x000D_
The related Apache access log entry:_x000D_
(Yes, the credentials were root:root) _x000D_
_x000D_
211.57.200.104 - - \ GET /phpmyadmin/index.php?pma_username=root&pma_password=root&server=1 HTTP/1.1 302 958 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36