Cybercriminals hold more than 10,000 website databases for ransom

Hacker groups have targeted the exposed databases of more than 10,000 websites, with the attackers demanding ransoms to restore them.

On Friday, security researchers revealed that thousands of publicly exposed MongoDB databases had been copied and deleted by a lead group using the name Harak1r1. The databases were misconfigured, which meant that anyone could access them.

Victor Gevers of the GDI Foundation first found up to 200 affected databases, but since then more researchers have discovered vulnerable databases totaling more than 10,000. The founder of Shodan pointed out that he was able to find nearly 2,000 in his own searches.

The culprits are demanding up to 0.2 bitcoin ($180) per database for their restoration, according to messages left for some of the administrators. Since Harak1r1 began its campaign, four other groups have started imitating it and hunting down exposed sites to hold hostage. It’s not known if the groups are coordinated or connected in any way.

These attacks aren’t your traditional cases of ransomware, as no data has actually been encrypted. Rather, the attackers have replaced exposed data with a note demanding money for its return. Nevertheless, it creates a massive headache for the data’s owners.

Gevers believes that the affected databases can be attributed to older, legacy MongoDB databases that were deployed on cloud services and not adequately protected, with the configuration left open.

“The most open and vulnerable MongoDBs can be found on the AWS platform because this is the favorite place for organizations who want to work in a devops way,” Gevers told Bleeping Computer. “About 78 percent of all these hosts were running known vulnerable versions.”

Gevers advises against paying the ransom to the criminals, but figures from Blockchain.info now show 22 transactions made to Harak1r1’s bitcoin wallet, most likely from administrators desperate to get their databases back in working order. Paying off the ransom is unfortunately not a guarantee that the data will be properly restored.

MongoDB has a security checklist available for any users that encounter attacks or breaches.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…