MongoDB ransom attacks are soaring: according to the Australian Communications and Media Authority Antipodes, the number of hacked systems more than doubled to 27,000 in just a day. According to the experts, the hackers are running an extortion scheme, copying and deleting data from vulnerable databases.
Crooks request the payment of a ransom in order to return the data and help the company fix the flaw they exploited. Last week I reported the story of a mysterious attacker who goes online with the harak1r1 moniker; he is breaking into unprotected MongoDB databases, stealing their content, and requesting a 0.2 bitcoin (US$184) ransom to return the data.
The attacks were discovered by the co-founder of the GDI Foundation, Victor Gevers, who warned of poor security for MongoDB installations in the wild. The security expert has discovered 196 instances of MongoDB that were wiped by Harak1r1 and are being held for ransom.
The analysis of the Bitcoin wallet used by Harak1r1 revealed that at least 22 victims appeared to have paid.
— Victor Gevers (@0xDUDE) January 5, 2017
According to the security researcher Niall Merrigan, the number of attacks has soared from 12,000 earlier today to 27,633 in just 12 hours. According to the expert, the attacks were powered by at least 15 different actors. One of the attackers, who goes online with the moniker ‘kraken0’, has compromised 15,482 MongoDB databases, demanding that victims pay 1 bitcoin ($US921).
— Niall Merrigan (@nmerrigan) January 8, 2017
The researcher is collecting information on the attacks including information provided by Victor Gevers.
The Australian Communications and Media Authority Antipodes has been monitoring exposed MongoDB installations since July 2015 using intelligence provided by the ShadowServer nonprofit.
The organization reports about 400 exposed MongoDB databases a day to 90 percent of Australia’s network providers via the Australian Internet Security Initiative (AISI).
Stay tuned …
(Security Affairs – MongoDB databases , hacking)