Cybercriminals hold more than 10,000 website databases for ransom

mongodb database ransom rusty padlock
Garretttaggs /Wikimedia Commons
Hacker groups have targeted the exposed databases of more than 10,000 websites, with the attackers demanding ransoms to restore them.

On Friday, security researchers revealed that thousands of publicly exposed MongoDB databases had been copied and deleted by a lead group using the name Harak1r1. The misconfigured databases meant that anyone could access them.

Victor Gevers of the GDI Foundation first found up to 200 databases affected but since then more researchers have discovered vulnerable databases totaling more than 10,000. The founder of Shodan pointed out that he was able to find nearly 2,000 in his own searches.

The culprits are demanding up to 0.2 bitcoin ($180) per database for their restoration, according to messages left for some of the administrators. Since Harak1r1 began its campaign, four other groups have started imitating and hunting down exposed sites to hold hostage. It’s not known if the groups are coordinated or connected in any way.

These attacks aren’t your traditional cases of ransomware as no data has actually been encrypted. Rather, the attackers have replaced exposed data with a note demanding money for its return. Nevertheless it creates a massive headache for the data’s owners.

Gevers believes that the affected databases can be attributed to older, legacy MongoDB databases that were deployed on cloud services and not adequately protected, with the configuration left open.

“The most open and vulnerable MongoDBs can be found on the AWS platform because this is the favorite place for organizations who want to work in a devops way,” Gevers told Bleeping Computer. “About 78 percent of all these hosts were running known vulnerable versions.”

Gevers advises against paying the ransom to the criminals but figures from Blockchain.info now show 22 transactions made to Harak1r1’s bitcoin wallet, most likely from administrators desperate to get their databases back in working order. Paying off the ransom is unfortunately not a guarantee that the data will be properly restored.

MongoDB has a security checklist available for any users that encounter attacks or breaches.

Emerging Tech

This startup will sequence your entire genome for free — but there’s a catch

Want to get your DNA sequenced but don’t want to shell out the hundred bucks or so to do so? A new startup called Nebula Genomics offers you the opportunity to have it done for free.
Computing

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.
Gaming

The best free-to-play games you can play right now

Believe it or not, free-to-play games have evolved into engaging, enjoyable experiences. Here are a few of our favorites that you can play right now, including Warframe and the perennially-popular League of Legends.
Emerging Tech

Watch this lab-grown heart tissue beat just like the real thing

A team of researchers in Germany have used stem cells to create a lab-grown human heart tissue which actually beats, as well as responding to drugs in the same way as the real thing.
Computing

PDF to JPG conversion is quick and easy using these simple methods

Converting file formats can be an absolute pain, but it doesn't have to be. We've put together a comprehensive guide on how to convert a PDF to JPG, no matter which operating system you're running.
Computing

Crypto hangover could take blame for Nvidia’s potential GeForce RTX 2060 delay

Nvidia's delay in announcing a ship date for its GeForce RTX 2060 GPU could be due to a burst in the cryptocurrency mining bubble. Executives blamed the crypto hangover for an oversupply of inventory on existing GTX 1060 cards,
Computing

Save $900 on the ThinkPad X1 Carbon and more with Lenovo’s Cyber Monday sales

In the latest set of holiday sales, Lenovo is heavily discounting its fifth-generation ThinkPad X1 Carbon and other popular Windows laptops and 2-in-1s for the holiday shopping season.
Computing

Want to make one hard drive act like two? Here's how to partition in Windows

If you don't want all of your files stored in one place but only have one drive to work with, partitioning is your best way forward. Here's how to partition a hard drive in Windows 10, step by step.
Computing

Go hands-free in Windows 10 with speech-to-text support

Looking for the dictation, speech-to-text, and voice control options in Windows 10? Here's how to set up speech-to-text in Windows 10 and use it to go hands-free in a variety of different tasks and applications within Windows.
Computing

These cheap laptops will make you wonder why anyone spends more

Looking for a budget notebook for school, work, or play? The best budget laptops, including our top pick -- the Asus ZenBook UX330UA -- will get the job done without digging too deep into your pockets.
Smart Home

All the best Amazon Black Friday deals for 2018

Amazon may be an online-only retailer, but that doesn’t mean its Black Friday sales are anything to sniff at. In fact, due to its online status, Amazon has huge flexibility with the range of products and deals it can offer. Here's our…
Computing

Don't use streaming apps? These are the best free players for your local music

Rather than using music streaming apps, you may want something for playing your local music. Good news! There are some good alternatives. These are the best media players you can download for free on Windows.
Computing

Style up your MacBook Air with one of these great cases or sleeves

Whether you’re looking for added protection or a stylish flourish, you’re in the right place for the best MacBook Air cases. We have form-hugging cases, luxurious covers and padded sleeves priced from $7 to $130. Happy shopping!
Computing

How to easily record your laptop screen with apps you already have

Learning how to record your computer screen shouldn't be a challenge. Lucky for you, our comprehensive guide lays out how to do so using a host of methods, including both free and premium utilities, in both MacOS and Windows 10.