Hackers delete over 12, 000 unsecured MongoDB databases

MongoDB attacks: victims are demanded payment to restore the database

Over 12, 000 unsecured MongoDB databases have been deleted over the past three weeks with only option left behind asking the owners to make contact the hackers to have the data back.

A security researcher, Sanyam jain discovered and reported the attacks and believes that this is most likely charging money in Cryptocurrency. The sum of the money may be smaller or bigger that’s depends on the sensitiveness of the database.

The attacked was firstly reported on 24th of April by this year. He noticed that the MongoDB database did not contain the usual huge amounts of the leaked data but the following note:

“Restore ? Contact : [email protected]”.

That means, hackers were dropping some ransom note and asking the victims to contact them via email addresses [email protected] or [email protected] in order to get the data back to the system.

It is believed that the hackers are open to negotiate the terms of data recovery because no any exact details were given about the ransom amount.

MongoDB has faced the attacks even before

As per the sub-title, this is not the first time when MongoDB databases are attacked this way. In the year 2017, 28, 000 MangoDB databases were victimized by the hackers.  The attacks might happen because the servers were accessible through the Internet. Already compromised servers were also prone to the vulnerability.

Another incident was in 2018 when MangoDB databases was at risk of MongoLock ransomware discovered by Bob Diachenko. He shared that by some malicious campaign hackers connect to database and simply erase it. A new database, Warning with a name Readme were placed in the place of the old one database. Readme contains ransom note that the database has been encrypted in order to get it restored it back the victims have to pay. In this attack as well, the hackers did not mention the ransom amount and just putted the email addresses to the victims asking them to make a contact to  the operators.