One Hacker Wiped Data From Nearly Half of All MongoDB Databases and Left Ransom Notes Behind

Hacker Attacks Half of All MongoDB Databases

According to a report from ZDNet, if the owners of around 23 thousand MongoDB databases try to access the information inside them, they won't find it. Instead, all they'll see is a ransom note that, on the face of it at least, contains some pretty serious threats.

The attack was discovered by GDI Foundation researcher Victor Gevers, and initially it was a lot smaller. Apparently, at first the hacker responsible targeted a single misconfigured MongoDB installation: they would go in and, without actually touching the data, leave a note claiming that the information had been "backed up" and that, to prevent it from leaking to the whole wide world, the owner needed to pay a 0.015 BTC (about $136) ransom. This was most probably the testing phase of the attack.

An automated script wiped the data from 47% of all MongoDB databases

Victor Gevers told ZDNet that on June 30, the same hacker launched an automated script that identified 23 thousand vulnerable MongoDB databases, compromised them, and wiped the information they contained. The hacker left behind a ransom note demanding the same 0.015 BTC for restoring the data.

The attack wasn't especially sophisticated, but its scale is definitely noteworthy. According to ZDNet, the 23 thousand databases comprise a whopping 47% of all MongoDB servers around the world. On Twitter, a collective of security professionals called Shadowserver said that 23 thousand is also pretty close to the number of MongoDB databases that are accessible without any form of authentication.

As ZDNet pointed out, at least some of the wiped databases are part of test environments, but it's safe to assume that quite a lot of production data has been lost as well, and its owners are probably pretty desperate to get it back. Those who, for one reason or another, don't have a backup might be tempted to pay the ransom. After all, considering how much valuable information might be at stake, $136 doesn't seem like such a huge sum, and the expense would serve as a reminder of how important password protection is. Before they reach for their checkbooks, however, they need to bear in mind that there is no guarantee they'll get their data back. In general, crooks are not to be trusted, and we mustn't forget how huge the amount of affected data could be: the hacker is unlikely to have a copy of all of it. So before paying the ransom, owners of affected databases who don't have a working backup should probably think twice. Those who do have backups are also faced with a bit of a dilemma.
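The two conditions the article describes, a server reachable from the internet and no authentication in front of it, both live in a handful of mongod.conf settings. The script below is an added example written for this page, not code from the article or from MongoDB; it audits a mongod.conf for exactly that combination. It relies on the real `net.bindIp` and `security.authorization` options, uses a deliberately minimal parser for the flat YAML subset mongod.conf uses, and the two sample configurations are constructed for the example.

```python
"""Audit a mongod.conf for the misconfiguration behind mass MongoDB wipes:
a server that listens on a non-loopback interface while access control is off.
Added example; the sample configurations below are constructed, not real."""

from typing import Any, Dict, List, Tuple

# Constructed sample: exposed on every interface, no authorization.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

# Constructed sample: loopback only, with role-based access control on.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_simple_yaml(text: str) -> Dict[str, Any]:
    """Minimal parser for the 'key: value' / nested-mapping subset that
    mongod.conf uses (space indentation, no lists, no quoting). It is an
    audit helper, not a general YAML parser."""
    root: Dict[str, Any] = {}
    # Stack of (indent, mapping) so nested keys land in the right parent.
    stack: List[Tuple[int, Dict[str, Any]]] = [(-1, root)]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        value = value.strip()
        # Pop back to the nearest parent with a smaller indentation.
        while stack[-1][0] >= indent:
            stack.pop()
        parent = stack[-1][1]
        if value == "":
            child: Dict[str, Any] = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def audit(conf_text: str) -> List[str]:
    """Return a list of findings; an empty list means no exposure detected."""
    conf = parse_simple_yaml(conf_text)
    findings: List[str] = []
    # mongod 3.6 and later default to localhost when bindIp is absent.
    bind_ip = conf.get("net", {}).get("bindIp", "127.0.0.1")
    addrs = {a.strip() for a in bind_ip.split(",")}
    exposed = not addrs.issubset(LOOPBACK)
    if exposed:
        findings.append(f"net.bindIp={bind_ip}: listens on a non-loopback interface")
    # Without authorization enabled, any client that can connect has full access.
    authz = conf.get("security", {}).get("authorization", "disabled")
    if authz != "enabled":
        findings.append("security.authorization is not 'enabled': no login required")
    if exposed and authz != "enabled":
        findings.append("CRITICAL: reachable over the network and unauthenticated, "
                        "the profile of the wiped servers")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text) or ["ok"])
```

Run it against a real mongod.conf by reading the file into `audit()`. The check is deliberately conservative: a loopback bind with authorization off still gets a finding, because a later change to `bindIp` (or a reverse proxy) would turn it into the exposed-and-open case without anyone touching the security section.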

The attacker threatens to report victims' GDPR violations to the authorities

If the ransom note is to be believed, the victims don't have much time to think. The attacker says that if they don't pay up within 48 hours, all the compromised data will be leaked for the world to see. This isn't a terribly innovative tactic. Cybercriminals usually use deadlines and threats to pressure their victims into yielding to their demands, and over the last few months, warning ransomware victims that their data could be sold or leaked has become especially popular.

The attacker who wiped half the world's MongoDB databases, however, pushed it up a notch. According to the ransom note, if the victim doesn't comply with the demands, the attacker will contact the authorities responsible for enforcing the EU's General Data Protection Regulation (GDPR) and report the leaky databases. Quite a few things suggest that this is a hollow threat.

For one, as we mentioned already, it's not clear whether the hacker has a copy of the compromised data, and even if they do, alerting the authorities would mean admitting that they've committed a crime, which they're probably not that keen on doing. All in all, although they should be held responsible for poorly handling people's data, victims of this attack are unlikely to be prosecuted by the EU.

Hopefully, they'll learn their lesson as well, because the incident is a pretty grim reminder of how much personal information is stored insecurely. It's also a very real illustration of how serious the consequences of all this could be.

July 3, 2020