
More than 10,000 exposed MongoDB databases deleted by ransomware groups

Five groups of attackers are competing to delete as many publicly accessible MongoDB databases as possible

Lucian Constantin, Romania Correspondent, IDG News Service


Groups of attackers have adopted a new tactic that involves deleting publicly exposed MongoDB databases and asking for money to restore them. In a matter of days, the number of affected databases has risen from hundreds to more than 10,000.

The issue of misconfigured MongoDB installations, allowing anyone on the internet to access sensitive data, is not new. Researchers have been finding such open databases for years, and the latest estimate puts their number at more than 99,000.

On Monday, security researcher Victor Gevers from the GDI Foundation reported that he found almost 200 instances of publicly exposed MongoDB databases that had been wiped and held to ransom by an attacker or a group of attackers named Harak1r1.

The attackers left a message behind for the database administrators asking for 0.2 bitcoins (around US $180) to return the data.

A day later, the number of databases wiped by Harak1r1 had reached 2,500 and by Friday, more than 8,600 had been affected and contained the ransom message.

In addition, other attackers have joined the scheme, and researchers have counted at least five groups with different ransom messages so far. Together, the groups deleted 10,500 databases, and in some cases, they've replaced each other's ransom messages.

The bad news is that most of them don't even bother copying the data before deleting it, so even if the victims decide to pay, there's a high chance they won't get their information back.

Gevers said he has helped some victims and there was no evidence in the logs that the data had been exfiltrated. He advises affected database owners not to pay and to get help from security professionals.

MongoDB administrators are advised to follow the steps on the security checklist from the MongoDB documentation in order to lock down their deployments and prevent unauthorized access.


Lucian Constantin is an IDG News Service correspondent. He writes about information security, privacy, and data protection.
