MongoDB Servers

Recently, an unknown hacker got unauthorized access to more than 22,900 MongoDB databases that are accessible online without any password, and this event covers 47% of all MongoDB databases. Here, the hacker left a ransom note, asking for a ransom of 0.015 bitcoin, which is about $135.55.

Using an automation script, the hacker finds the unprotected databases accessible on the internet without any password, erases their content, and left a ransom note. report says.

Ransom Note

The hacker has given two days to the victims to pay the ransom, or else they threaten to publish the stolen data publicly and asserted that they would report this leak to the local authority responsible for complying with the General Data Protection Regulation (GDPR).

This attack was discovered by a GDI Foundation investigator, Victor Gevers, and was initially much smaller. The hacker responsible for this pointed to a single misconfigured MongoDB installation.

According to Victor Gevers, the attacker did not initially delete data from the database. As the attacker left a ransom note and, after a few days, reconnected to the database and left the note again. 

But, later, the hacker realized his/her mistake and corrected the script, after which he/she deleted all the contents of the databases.

Hacker used GDPR violations as an extortion strategy

Though the tactic used by the hacker is not so innovative, but, the hacker took it to a higher level. As the hacker clearly mentioned in the ransom note that if the victim does not comply with the demands, then the attacker will contact the authorities responsible for enforcing the EU General Data Protection Regulation (GDPR) and report this leak.

Moreover, Gevers reported that some MongoDB installations are test installations, and the production systems also suffered damages during this attack; even some firms also lost the backups of their data as well.

Apart from this, this incident will make them learn a proper lesson on security issues and necessary security measures. But, we strongly recommend you do not pay any ransoms, as there is no guarantee that you will get back your data after paying the ransom.

You can also read the complete ransomware mitigation checklist.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read :

New Ransomware “EvilQuest” Attacking macOS Users to Encrypts Users Files

Most Ransomware Attacks Take Place in the Night or During Weekends

Xerox Corporation Hacked by Maze Ransomware Operators – Sensitive Files are Encrypted

Leave a Reply