MongoDB ransacked: Now more than 25,000 databases hit in mass ransom attacks

A huge number of poorly configured MongoDB databases have been compromised over the past week, with attackers wiping the data and demanding up to one bitcoin to return it.

On a compromised instance, the only remaining database contains a document like the one below:

{
    "_id" : ObjectId("5871ed160c474c47dc9f3e80"),
    "Info" : "Your DB is Backed up at our servers, to restore send 0.1 BTC to the Bitcoin Address then send an email with your server ip",
    "Bitcoin Address" : "1J5ADzFv1gx3fsUPUY1AWktuJ6DF9P6hiF",
    "Email" : "[email protected]"
}
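The document above is the main artefact an operator gets to work with during triage. The following Python is an added example (not code from the original article, and not a MongoDB tool): it takes the database listing of an instance as a plain dictionary, flags databases that carry the attackers' names or a document shaped like the note above, pulls the Bitcoin address and contact e-mail out as indicators, and reports whether anything other than the ransom database survived. The database names come from this page; the sample instance is constructed, and the `triage_instance` / `is_ransom_note` / `extract_iocs` names are the example's own.

```python
import re

# Database names the attackers left behind, as reported on this page.
RANSOM_DB_NAMES = {"Notice", "PWNED", "PLEASE_READ"}

# Field names from the ransom document shown above.
RANSOM_FIELDS = {"Info", "Bitcoin Address", "Email"}

# Legacy (P2PKH/P2SH) Bitcoin address: base58, 26-35 chars, starts with 1 or 3.
BTC_ADDRESS_RE = re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$")


def is_ransom_note(doc):
    """Return True if a document has the shape of the note shown above."""
    if not isinstance(doc, dict):
        return False
    if RANSOM_FIELDS.issubset(doc.keys()):
        return True
    info = str(doc.get("Info", ""))
    return "BTC" in info.upper() and "Bitcoin Address" in doc


def extract_iocs(doc):
    """Pull the payment address and contact e-mail out of a note."""
    iocs = {}
    addr = str(doc.get("Bitcoin Address", "")).strip()
    if BTC_ADDRESS_RE.match(addr):
        iocs["btc_address"] = addr
    email = str(doc.get("Email", "")).strip()
    if email:
        iocs["email"] = email
    return iocs


def triage_instance(databases):
    """
    databases: {db_name: [documents]} as obtained from listing an instance.
    Returns the suspicious databases, the IoCs found in them, and whether
    every non-system database was replaced by a ransom note.
    """
    report = {"ransom_databases": [], "iocs": [], "wiped": False}
    for name, docs in databases.items():
        by_name = name in RANSOM_DB_NAMES
        notes = [d for d in docs if is_ransom_note(d)]
        if by_name or notes:
            report["ransom_databases"].append(name)
            for d in notes:
                ioc = extract_iocs(d)
                if ioc and ioc not in report["iocs"]:
                    report["iocs"].append(ioc)
    # System databases aside, nothing but ransom databases means the data is gone.
    remaining = set(databases) - set(report["ransom_databases"]) - {"admin", "local", "config"}
    report["wiped"] = bool(report["ransom_databases"]) and not remaining
    return report


# Constructed sample: the document from this page plus the system databases.
SAMPLE_INSTANCE = {
    "admin": [],
    "local": [],
    "Notice": [{
        "_id": "5871ed160c474c47dc9f3e80",
        "Info": "Your DB is Backed up at our servers, to restore send 0.1 BTC to the Bitcoin Address then send an email with your server ip",
        "Bitcoin Address": "1J5ADzFv1gx3fsUPUY1AWktuJ6DF9P6hiF",
        "Email": "[email protected]",
    }],
}

if __name__ == "__main__":
    print(triage_instance(SAMPLE_INSTANCE))
```

The address and e-mail that come out are what you would cross-reference against the shared spreadsheet linked further down, since several groups were active at once and the note's contents tell them apart; the "wiped" flag is the signal that restoring from backup is the only way forward.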

The connection between the Windows ransomware and the MongoDB attacks comes from the usage of the same email address in both attacks: [email protected].

Professional ransomware group gets involved in MongoDB attacks

As the number of hijacked servers grew to over 28,000, the massive surge that took place over the weekend was driven by the involvement of Kraken, a group that has previously been involved in the distribution of "classic" Windows ransomware.

Victor Gevers, from the Netherlands-based GDI Foundation, and Niall Merrigan, a Norway-based engineer, have been tracking a surge in attacks on MongoDB installations in which a handful of groups are wiping vulnerable databases and replacing them with an empty database with names such as 'Notice', 'PWNED', and 'PLEASE_READ'.

The attackers claim to hold a copy that can be bought back for between 0.2 BTC and 1 BTC, but there is no guarantee the data is actually available if a payment is made.

According to Merrigan, some 27,000 MongoDB servers have been compromised in the past day, up from an estimated 2,000 on January 3 and 8,542 on January 5.

MongoDB is a popular open-source NoSQL database, widely used for big data and analytics. On the DB-Engines Ranking of database popularity it sits in fourth place out of 315 systems, behind only Oracle, MySQL, and Microsoft SQL Server.

At the current count, more than a quarter of the 99,000 MongoDB instances open to the internet have been compromised.

"If you take regular backups of the compromised database, you can restore the most recent backup... If you don't have a backup or are otherwise unable to restore the data, unfortunately your data may be permanently lost"

MongoDB ransacking - Google Sheets: https://docs.google.com/spreadsheets/d/1QonE9oeMOQHVh8heFIyeqrjfKEViL0poLnY8mAakKhM/edit#gid=0

How To Protect Your MongoDB Database

1. Have a backup? Restore it!
2. Enable Authentication - https://docs.mongodb.com/manual/tutorial/enable-authentication/
3. Do not allow your EC2 instance to be open to the world on your MongoDB port. Use your security groups!
4. Not sure how to enable authentication? Try using Atlas instead.
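Steps 2 and 3 above come down to two lines in mongod.conf: what address the server binds to and whether authorization is enabled. The Python below is an added example (not from the original article and not part of MongoDB) that audits a config file for exactly those two settings, with the exposed shape behind this page's numbers placed beside the hardened one. `parse_mongod_conf` is a hypothetical helper covering only the YAML subset mongod.conf uses (a real deployment would use a YAML library), and both sample configs are constructed.

```python
def parse_mongod_conf(text):
    """
    Minimal parser for the YAML subset mongod.conf uses: top-level sections
    with one level of "key: value" children. Returns {section: {key: value}}.
    Hypothetical helper; a real deployment would use a YAML library.
    """
    conf = {}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        indented = line[0] in " \t"
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if not indented:
            section = key
            conf.setdefault(section, {})
            if value:
                conf[section] = value          # scalar top-level key
        elif section is not None and isinstance(conf.get(section), dict):
            conf[section][key] = value
    return conf


def audit_mongod_conf(text):
    """Return a list of findings; an empty list means both checks pass."""
    conf = parse_mongod_conf(text)
    findings = []

    net = conf.get("net") if isinstance(conf.get("net"), dict) else {}
    bind_ip = net.get("bindIp", "")
    # mongod binaries before 3.6 listened on every interface when bindIp was unset.
    addrs = [a.strip() for a in bind_ip.split(",") if a.strip()]
    if not addrs or any(a in ("0.0.0.0", "::") for a in addrs):
        findings.append("net.bindIp: mongod listens on all interfaces; "
                        "bind to 127.0.0.1 or an internal address")

    sec = conf.get("security") if isinstance(conf.get("security"), dict) else {}
    if sec.get("authorization", "disabled").lower() != "enabled":
        findings.append("security.authorization: not 'enabled'; "
                        "clients connect without credentials")
    return findings


# Constructed configs: the exposed shape behind this page's numbers, and the fix.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0        # reachable from the whole internet
security:
  authorization: disabled
"""

HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1      # or the private address of the app network
security:
  authorization: enabled   # create an admin user first, per the tutorial in step 2
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_mongod_conf(conf) or ["ok"])
```

Binding to a private address only helps if the security group (or host firewall) also refuses inbound 27017 from the internet, so step 3 remains a separate check; and enabling authorization on a server with no users locks everyone out, which is why the admin user is created before the setting is flipped.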

About Massive Technolab

Massive Technolab is an IT services company in India offering web development, web design and SEO.
