Hackers launch new wave of ransomware attacks on 26,000 unsecured MongoDB databases


Last weekend, a long one because of Labor Day, hackers launched a new wave of ransomware attacks on 26,000 unsecured MongoDB databases. According to the details available to the media, the cyber crooks not only succeeded in encrypting the unsecured instances but also asked for a 0.15 BTC ransom to restore the data.

Cybersecurity Insiders learned that the message left by hackers on the MongoDB databases was as follows: “We have your data. Your database is backed onto our servers and will only be made available to you when you pay us a ransom of $650”.

The attacks were first discovered by security researchers Victor Gevers and Niall Merrigan, who then found that hackers had launched them in 3 sets.

The first set of hacks saw the leakage of more than 22,000 accounts from MongoDB. In the second attack, more than 3,500 accounts were compromised, and in the third attempt, hackers managed to encrypt around 500 accounts.

It is still unclear whether all the attacks were carried out by a single hacking group or by different groups over time.

Note 1- Cru3lty@safe-mail.net and wolsec@secmail.pro were the two email addresses associated with 2 of the 3 groups.

Note 2- According to sources reporting to Cybersecurity Insiders, a hacking group called Cru3lty received a total of 0.8 BTC for its efforts and is said to be the only group to have received a payment.

Note 3- As all the databases were running on default settings, they were completely exposed to the internet.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
