Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

Cybercriminals hold more than 10,000 website databases for ransom

Jonathan Keane
By

mongodb database ransom rusty padlock
Garretttaggs /Wikimedia Commons
Hacker groups have targeted the exposed databases of more than 10,000 websites, with the attackers demanding ransoms to restore them.

On Friday, security researchers revealed that thousands of publicly exposed MongoDB databases had been copied and deleted by a lead group using the name Harak1r1. The misconfigured databases meant that anyone could access them.

Victor Gevers of the GDI Foundation first found up to 200 databases affected but since then more researchers have discovered vulnerable databases totaling more than 10,000. The founder of Shodan pointed out that he was able to find nearly 2,000 in his own searches.

The culprits are demanding up to 0.2 bitcoin ($180) per database for their restoration, according to messages left for some of the administrators. Since Harak1r1 began its campaign, four other groups have started imitating and hunting down exposed sites to hold hostage. It’s not known if the groups are coordinated or connected in any way.

These attacks aren’t your traditional cases of ransomware as no data has actually been encrypted. Rather, the attackers have replaced exposed data with a note demanding money for its return. Nevertheless it creates a massive headache for the data’s owners.

Gevers believes that the affected databases can be attributed to older, legacy MongoDB databases that were deployed on cloud services and not adequately protected, with the configuration left open.

“The most open and vulnerable MongoDBs can be found on the AWS platform because this is the favorite place for organizations who want to work in a devops way,” Gevers told Bleeping Computer. “About 78 percent of all these hosts were running known vulnerable versions.”

Gevers advises against paying the ransom to the criminals but figures from Blockchain.info now show 22 transactions made to Harak1r1’s bitcoin wallet, most likely from administrators desperate to get their databases back in working order. Paying off the ransom is unfortunately not a guarantee that the data will be properly restored.

MongoDB has a security checklist available for any users that encounter attacks or breaches.

Editors' Recommendations

Hackers may be hiding in plain sight on your favorite website
A depiction of a hacked computer sitting in an office full of PCs.
Malwarebytes resolves error that was blocking Google this morning
malwarebytes shows av firms failing customers keyboard virus mem2
This beloved TikTok hashtag just got its own app feature
The TikTok app on a smartphone's screen. The smartphone is sitting on a white table.
Windows 11 2022 Update: the best new features to try out today
Android Apps on Windows 11
Best laser printer deals: Save on Brother and Canon today
A person uses a smartphone to print something with a Brother MFC-L2710DW wireless monochrome laser printer on an office table.
The best gaming laptops in 2022
2019 Razer Blade Pro 17
The best Wi-Fi 6 routers for 2022
The Nighthawk RAXE300 on a tabletop in a home.
The best Chromebooks for 2022: great choices at every price point
Close up of the Chrome logo on the top of a Chromebook.
Best Chromebook deals for October 2022
Google Meets on an HP Chromebook.
Best HP Envy deals for October 2022
An HP Envy 17-inch laptop sits on an office desk.
Best desktop computer deals for October 2022
The HP Pavilion desktop computer accompanied by two gaming monitors and a colorful gaming keyboard.
Best VPN deals and sales for October 2022
A close-up of a computer monitor displaying a generic VPN.
Best refurbished laptops deals and sales for October 2022
microsoft surface laptop go 2020 on desk