Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

Cybercriminals hold more than 10,000 website databases for ransom

Add as a preferred source on Google

Hacker groups have targeted the exposed databases of more than 10,000 websites, with the attackers demanding ransoms to restore them.

On Friday, security researchers revealed that thousands of publicly exposed MongoDB databases had been copied and deleted by a lead group using the name Harak1r1. The misconfigured databases meant that anyone could access them.

Recommended Videos

Victor Gevers of the GDI Foundation first found up to 200 databases affected but since then more researchers have discovered vulnerable databases totaling more than 10,000. The founder of Shodan pointed out that he was able to find nearly 2,000 in his own searches.

The culprits are demanding up to 0.2 bitcoin ($180) per database for their restoration, according to messages left for some of the administrators. Since Harak1r1 began its campaign, four other groups have started imitating and hunting down exposed sites to hold hostage. It’s not known if the groups are coordinated or connected in any way.

These attacks aren’t your traditional cases of ransomware as no data has actually been encrypted. Rather, the attackers have replaced exposed data with a note demanding money for its return. Nevertheless it creates a massive headache for the data’s owners.

Gevers believes that the affected databases can be attributed to older, legacy MongoDB databases that were deployed on cloud services and not adequately protected, with the configuration left open.

“The most open and vulnerable MongoDBs can be found on the AWS platform because this is the favorite place for organizations who want to work in a devops way,” Gevers told Bleeping Computer. “About 78 percent of all these hosts were running known vulnerable versions.”

Gevers advises against paying the ransom to the criminals but figures from Blockchain.info now show 22 transactions made to Harak1r1’s bitcoin wallet, most likely from administrators desperate to get their databases back in working order. Paying off the ransom is unfortunately not a guarantee that the data will be properly restored.

MongoDB has a security checklist available for any users that encounter attacks or breaches.

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
How to install macOS 27 Golden Gate public beta on your Mac?
From a smarter Siri to a more reliable Spotlight, here's your full walkthrough for installing macOS 27 Golden Gate's public beta today.
macOS 27 Golden Gate

Along with iOS 27’s public beta, Apple has also released macOS 27 Golden Gate’s public beta build, so that early adopters can get their hands on the new features, including Siri AI, and provide timely feedback to help ensure a stable iOS launch in September. 

If you’re sold on all the new features but don’t want to put your faithful MacBook through developer beta duty, a public beta offers a much more refined experience. To install macOS 27’s public beta, follow the steps given below. 

Read more
Microsoft is finally fixing the worst thing about Windows Search, but you can’t try it just yet
Windows Insiders in the Experimental channel are getting a Search experience that finally feels less of a billboard and more of what users actually need.
Page, Text, Person

Windows Search has been a mess for years, and I do not use that word lightly. Open it to find a file, and you get trending Bing topics, Microsoft Store promotions, and an AI tools tile that just opens a browser. 

That is changing, but not immediately for all users. Microsoft is rolling out a batch of Windows Search improvements to Insiders in the Experimental channel, and for once, this isn't just a fresh coat of paint.

Read more
Apple doesn’t want to share this AirPods feature with Meta, but the EU may force its hand
Spring 2027, EU only, built under DMA pressure.
The front of the Ray-Ban Meta smartglasses.

I’ve been an AirPods user for the last four years, and one of the things that makes it genuinely hard to leave behind is the seamless, almost magical pairing experience across devices. Open an AirPods case near your iPhone, and a pop-up appears within seconds. Switch to your Mac and the audio follows. 

However, the experience is limited only to Apple devices. Doesn’t matter whether you have one of the coolest pieces of tech on the market right now; if it’s not Apple, it won’t get the same treatment. However, that might change for the Meta Quest or the Ray-Ban Meta glasses, thanks to pressure from the EU. 

Read more