MongoDB ransom attacks soar, according to the Australian Communications and Media Authority Antipodes the number of hacked systems more than double to 27,000 in just a day. According to the experts, the hackers are implementing an extortion mechanism copying and deleting data from vulnerable databases.
Crooks request the payment of a ransom in order to return data and help the company to fix the flaw they exploited. Last week I reported the story of a mysterious attacker that goes online with the harak1r1 moniker, he is breaking into unprotected MongoDB databases, stealing their content, and requesting for a 0.2 bitcoins (US$184) ransom to return the data.bitcoins (US$184) ransom to return the data.
The attacks were discovered by the Co-founder of the GDI Foundation, Victor Gevers, who warned of poor security for MongoDB installations in the wild. The security expert has discovered 196 instances of MongoDB that were wiped by Harak1r1 and being held for ransom.
The analysis of the Bitcoin wallet used by Harak1r1 revealed that at least 22 victims appeared to have paid.
According to the security researcher Niall Merrigan the number of attacks have soared from 12,000 earlier today to 27,633 in just 12 hours. According to the expert the attacks were powered by at least 15 different actors. One of the attackers goes online with the moniker ‘kraken0’ has compromised 15,482 MongoDB databases demanding victims the payment of 1 bitcoin ($US921).
The researcher is collecting information on the attacks including information provided by Victor Gevers.
The Australian Communications and Media Authority Antipodes is monitoring exposed MongoDB installations since July 2015 using intelligence provided by the ShadowServer nonprofit.
The organization reports about 400 exposed MongoDB databases a day to 90 percent of Australia’s network providers via the Australian Internet Security Initiative (AISI).
Stay tuned …
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – MongoDB databases , hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by…
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
This website uses cookies.