Date: 2017-01-04
Over 1,800 MongoDB Databases Held For Ransom By Mysterious Attacker (bleepingcomputer.com)
An anonymous reader writes: "An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing and replacing their content, and asking for a 0.2 Bitcoin ($200) ransom to return the data," reports Bleeping Computer. According to John Matherly, Shodan founder, over 1,800 MongoDB databases have had their content replaced with a table called WARNING that contains the ransom note. Spotted by security researcher Victor Gevers, these databases are MongoDB instances that feature no administrator password and are exposed to external connections from the internet. Database owners in China have been hit, while Bleeping Computer and MacKeeper have confirmed other infections, one which hit a prominent U.S. healthcare organization and blocked access to over 200,000 user records. These attacks are somewhat similar to attacks on Redis servers in 2016, when an unknown attacker had hijacked and installed the Fairware ransomware on hundreds of Linux servers running Redis DB. The two series of attacks don't appear to be related.
Managed by morons (Score:3)
Your database is exposed to the internet and doesn't have a password? How is it you are still employed?
$200 (Score:3)
... asking for 0.2 Bitcoin ($200) ransom
That seems like a modest ransom. At least he isn't greedy.
Clearly... (Score:4, Funny)
Too bad there's no CVE for retarded admins (Score:1)
If there was a CVE assigned for every stupid mongodb admin, they'd have blown Android out of the water.
You do NOT put your database on the internet! Opening your mongodb to the internet does NOT make it webscale!
Russians (Score:1)
Those pesky Russians are at it again.