MongoDB database systems are being hacked for ransom using ransomware


There is ransomware that allows hackers to get access to people’s MongoDB systems, wipe the data in the database, and then ask for a ransom to restore the database information.

Ransomware usually isn’t a specific program: it is like any other malware or hacking tool used to obtain unauthorized access to people’s systems. In this case, instead of taking over the system to sabotage it or infect it with a virus, the attacker uses it to demand a ransom. The data is not destroyed; it is either encrypted or stored somewhere else. Once the ransom has been paid, the information is usually restored. Unfortunately, some hackers are not careful with the data and end up destroying it completely.

The current spate of attacks is being carried out on MongoDB systems. MongoDB is, as defined on their website, a free and open-source cross-platform document-oriented database program. Basically, it is a database like MySQL and SQL.

The attackers are specifically targeting unsecured, badly configured MongoDB databases to hijack data and then ask for ransom. Shockingly, as reported in this Next Web post, in every case where a MongoDB server has been hacked, the administrative account was configured without a password.

It is a free-for-all situation. Sometimes a single MongoDB database is hacked by multiple hacking groups, and each group leaves its own ransom note, to the point that it becomes impossible to know whom to pay the ransom to. So far, according to the above update, almost 10,500 MongoDB servers have been hacked.

A good lesson to be learned from these MongoDB attacks is that one should be careful about passwords and administrative access, especially to as critical a system as a database server.

The fact that these MongoDB servers are being run without an administrative password implies that the hacked servers don’t belong to big organisations or critical businesses. Even the ransom amount is around $150-$200. The problem is that multiple groups are hacking into the systems and some of these groups don’t even save the data, which means that even when the ransom is paid, there is little chance of getting the data back.

So, if you are reading this and you use a MongoDB database that still hasn’t been hacked, create a strong password for administrative access. More than 25% of MongoDB setups are already compromised.
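A password on the administrative account only protects the server if access control is switched on in the MongoDB configuration. As an added example (not from the original post or from the MongoDB project), this Python script audits a `mongod.conf` for the misconfiguration described above; the sample configs are constructed, and it assumes the plain two-level YAML layout and the localhost default for `net.bindIp` of MongoDB 3.6 and later.

```python
import re

# Constructed sample configs (not taken from any real server).
WEAK_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0   # reachable from any network
storage:
  dbPath: /var/lib/mongodb
"""
HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

def parse_conf(text):
    """Flatten two-level mongod.conf YAML into {'section.key': value}."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        m = re.match(r"^(\s*)([\w.]+):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = m.groups()
        value = value.strip().strip("\"'")
        if not indent:                                 # top-level section header
            section = key
            if value:
                settings[key] = value
        elif section:
            settings[f"{section}.{key}"] = value
    return settings

def audit(text):
    """Return findings for the settings that leave a server open to takeover."""
    conf, findings = parse_conf(text), []
    # With authorization off, clients are never asked for a username or password.
    if conf.get("security.authorization", "disabled").lower() != "enabled":
        findings.append("access control disabled: no credentials required")
    # Assumption: an absent bindIp means localhost (default since MongoDB 3.6).
    addresses = [a.strip() for a in conf.get("net.bindIp", "").split(",")]
    if conf.get("net.bindIpAll", "false").lower() == "true" or \
            any(a in ("0.0.0.0", "::", "*") for a in addresses):
        findings.append("listening on all network interfaces")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```
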

About Amrit Hallan
Amrit Hallan is the founder of He writes about technology not because "he loves to write about technology", he actually believes that it makes the world a better place. On Twitter you can follow him at @amrithallan
