Menu
More than 10,000 exposed MongoDB databases deleted by ransomware groups

More than 10,000 exposed MongoDB databases deleted by ransomware groups

Five groups of attackers are competing to delete as many publicly accessible MongoDB databases as possible

Groups of attackers have adopted a new tactic that involves deleting publicly exposed MongoDB databases and asking for money to restore them. In a matter of days, the number of affected databases has risen from hundreds to more than 10,000.

The issue of misconfigured MongoDB installations, allowing anyone on the internet to access sensitive data, is not new. Researchers have been finding such open databases for years, and the latest estimate puts their number at more than 99,000.

On Monday, security researcher Victor Gevers from the GDI Foundation reported that he found almost 200 instances of publicly exposed MongoDB databases that had been wiped and held to ransom by an attacker or a group of attackers named Harak1r1.

The attackers left a message behind for the database administrators asking for 0.2 bitcoins (around US $180) to return the data.

A day later, the number of databases wiped by Harak1r1 had reached 2,500 and by Friday, more than 8,600 had been affected and contained the ransom message.

In addition, other attackers have joined the scheme, researchers counting at least five groups with different ransom messages so far. Together, the groups deleted 10,500 databases, and in some cases, they've replaced each other's ransom messages.

The bad news is that most of them don't even bother copying the data before deleting it, so even if the victims decide to pay, there's a high chance they won't get their information back.

Gevers said he has helped some victims and there was no evidence in the logs that the data had been exfiltrated. He advises affected database owners not to pay and to get help from security professionals.

MongoDB administrators are advised to follow the steps on the security checklist from the MongoDB documentation in order to lock down their deployments and prevent unauthorized access.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments