1. Computing

Cybercriminals hold more than 10,000 website databases for ransom

By

mongodb database ransom rusty padlock
Garretttaggs /Wikimedia Commons
Hacker groups have targeted the exposed databases of more than 10,000 websites, with the attackers demanding ransoms to restore them.

On Friday, security researchers revealed that thousands of publicly exposed MongoDB databases had been copied and deleted by a lead group using the name Harak1r1. The misconfigured databases meant that anyone could access them.

Victor Gevers of the GDI Foundation first found up to 200 databases affected but since then more researchers have discovered vulnerable databases totaling more than 10,000. The founder of Shodan pointed out that he was able to find nearly 2,000 in his own searches.

The culprits are demanding up to 0.2 bitcoin ($180) per database for their restoration, according to messages left for some of the administrators. Since Harak1r1 began its campaign, four other groups have started imitating and hunting down exposed sites to hold hostage. It’s not known if the groups are coordinated or connected in any way.

These attacks aren’t your traditional cases of ransomware as no data has actually been encrypted. Rather, the attackers have replaced exposed data with a note demanding money for its return. Nevertheless it creates a massive headache for the data’s owners.

Gevers believes that the affected databases can be attributed to older, legacy MongoDB databases that were deployed on cloud services and not adequately protected, with the configuration left open.

“The most open and vulnerable MongoDBs can be found on the AWS platform because this is the favorite place for organizations who want to work in a devops way,” Gevers told Bleeping Computer. “About 78 percent of all these hosts were running known vulnerable versions.”

Gevers advises against paying the ransom to the criminals but figures from Blockchain.info now show 22 transactions made to Harak1r1’s bitcoin wallet, most likely from administrators desperate to get their databases back in working order. Paying off the ransom is unfortunately not a guarantee that the data will be properly restored.

MongoDB has a security checklist available for any users that encounter attacks or breaches.

Editors' Recommendations

How to protect your smartphone from hackers and intruders

Can cops and hackers track your phone

The most common Microsoft Teams problems, and how to fix them

microsoft teams new features for coronavirus digital trends

How to tell if your webcam has been hacked

razer siren x mic kiyo webcam and 4

How to set up a VPN

best VPN services

MacOS Catalina has arrived. Here are the 5 best features

Photo of MacOS Catalina Photos screen

Microsoft Edge vs. Google Chrome: Performance, design, security, and more

microsoft edge chromium to roll out automatically soon chrome

Microsoft Surface Pro 7 vs. Microsoft Surface Pro 6

Microsoft Surface event October 2019

Microsoft Word vs. Google Docs

How to get Microsoft Office for free

How long does your laptop last on a charge? Here’s how to find out

school computers chromebooks more than apples budgetlaptops acerchromebook15

These are the most common Pixelbook problems, and how to fix them

Google Pixelbook hands-on review

Need to work from the road? Here are the 5 best laptops with LTE

Lenovo ThinkPad X1 Carbon (2018) review

Optical vs. laser mouse

Logitech G403 Prodigy

A Paint-esque app does exist on your Mac — and here’s how to find it