MongoDB ransom attacks soar, according to the Australian Communications and Media Authority Antipodes the number of hacked systems more than double to 27,000 in just a day. According to the experts, the hackers are implementing an extortion mechanism copying and deleting data from vulnerable databases.
Crooks request the payment of a ransom in order to return data and help the company to fix the flaw they exploited. Last week I reported the story of a mysterious attacker that goes online with the harak1r1 moniker, he is breaking into unprotected MongoDB databases, stealing their content, and requesting for a 0.2 bitcoins (US$184) ransom to return the data.bitcoins (US$184) ransom to return the data.
The attacks were discovered by the Co-founder of the GDI Foundation, Victor Gevers, who warned of poor security for MongoDB installations in the wild. The security expert has discovered 196 instances of MongoDB that were wiped by Harak1r1 and being held for ransom.
The analysis of the Bitcoin wallet used by Harak1r1 revealed that at least 22 victims appeared to have paid.
@sawaba @SteveD3 @LawrenceHecht @achillean @akmalchaudhri That is why I am looking at different sources like Zoomeye (99,491 candidates) pic.twitter.com/VApFdRbF7g
— Victor Gevers (@0xDUDE) 5 gennaio 2017
According to the security researcher Niall Merrigan the number of attacks have soared from 12,000 earlier today to 27,633 in just 12 hours. According to the expert the attacks were powered by at least 15 different actors. One of the attackers goes online with the moniker ‘kraken0’ has compromised 15,482 MongoDB databases demanding victims the payment of 1 bitcoin ($US921).
Latest #Mongodb ransack looks like ~27K servers compromised from 12K this morning.. Numbers and info https://t.co/wLF96DLUBQ with @0xDUDE
— Niall Merrigan (@nmerrigan) 8 gennaio 2017
The researcher is collecting information on the attacks including information provided by Victor Gevers.
The Australian Communications and Media Authority Antipodes is monitoring exposed MongoDB installations since July 2015 using intelligence provided by the ShadowServer nonprofit.
The organization reports about 400 exposed MongoDB databases a day to 90 percent of Australia’s network providers via the Australian Internet Security Initiative (AISI).
Stay tuned …
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(Security Affairs – MongoDB databases , hacking)