
MongoDB Hackers Demand Bitcoin Ransom for Over 26,000 Compromised Servers



Even though Bitcoin lacks all of the properties criminals should look for in an anonymous currency, it is still quite popular. The recent wave of attacks against unprotected MongoDB databases illustrates that point perfectly. All of the groups responsible for these attacks demand payments to be made in Bitcoin. This last wave of attacks saw over 26,000 servers getting hijacked, which is an astonishing number. These types of attacks have been prominent since December of 2016.

MongoDB Attacks Continue Unabated

If something works just fine, there is no reason to fix it. Cybercriminals operate with a similar mindset; if their previous plan of attack was successful, it is all the more reason to keep experimenting with it. The MongoDB attacks, which started in December 2016, are still a lucrative business model for criminals nine months later. A lot of servers running such databases are not properly protected against major attacks like these.

These types of ransom attacks against MongoDB databases only work if a database is left open for external connections. Unfortunately, there are quite a lot of such databases to be found, which can cause major problems for the companies involved. The assailants will copy the database content, wipe the original content, and replace it with a ransom demand. Considering how most companies cannot afford to lose important [customer] data, they are forced to pay the Bitcoin ransom as a result.

This recent wave of attacks was a joint operation by multiple hacking crews. One group in particular exposed over 22,000 MongoDB servers through an external connection. The other groups were less successful, although they claimed 3,516 and 839 victims respectively. As is to be expected, every victim is asked to make a Bitcoin payment. These amounts range from 0.05 BTC to 0.2 BTC, indicating there is a lot of money to be made. Even if only 10% of the victims were to pay up, it results in a 3,484.5 Bitcoin payday for all three hacking crews combined.

Luckily, it appears the majority of these exposed databases belong to test systems. Others contained production data, and a few companies paid the ransom before realizing the criminals did not even have their data in the first place. It is unclear how much money changed hands due to these “bogus” ransom notes, though. Attacks against MongoDB databases have been going on for some time now, as over 45,000 databases have been wiped clean between December 2016 and today. That is a very disappointing and disconcerting number.

Interestingly enough, these types of attacks were virtually nonexistent during the summer of 2017. With these three new groups emerging and scoring major initial successes, it is not unlikely that more attacks against MongoDB servers will follow. Database administrators need to properly evaluate their security settings and block external connections from IP addresses not cleared by the company. It will take a bit of work to set this up properly, but it is direly needed.
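As an added example that is not part of the original article, the following sketch audits a `mongod.conf` for the exposure described above: a listener open to external connections. It assumes MongoDB's configuration-file options `net.bindIp`, `net.bindIpAll` and `security.authorization`, which the article does not name, and both sample configs are constructed.

```python
import ipaddress

# Constructed sample configs (not from the article), in mongod.conf YAML form.
EXPOSED_CONF = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
HARDENED_CONF = ("net:\n  port: 27017\n  bindIp: 127.0.0.1,10.0.5.12\n"
                 "security:\n  authorization: enabled\n")


def parse_conf(text):
    """Flatten the two-level YAML of mongod.conf into {'net.bindIp': value}."""
    flat, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if ":" not in line:
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        if not line[0].isspace():
            section = key                       # top-level block such as "net:"
        elif section:
            flat[f"{section}.{key}"] = value
    return flat


def audit(text):
    """Return a list of findings; an empty list means no exposure was flagged."""
    conf = parse_conf(text)
    findings = []
    if conf.get("net.bindIpAll", "").lower() == "true":
        findings.append("net.bindIpAll is true: listening on every interface")
    elif "net.bindIp" not in conf:
        findings.append("net.bindIp is not set: set it explicitly")
    for addr in conf.get("net.bindIp", "").split(","):
        addr = addr.strip()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # hostname, socket path or empty value: review by hand
        if ip.is_unspecified or ip.is_global:
            findings.append(f"net.bindIp includes {addr}: may accept external connections")
    if conf.get("security.authorization") != "enabled":
        findings.append("security.authorization is not enabled")
    return findings


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```

A clean result here covers only the configuration file; restricting the port to approved client addresses at the firewall is a separate control.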

These MongoDB attacks are only the latest tool in a growing arsenal of attack vectors maintained by cybercriminals these days. Malware, ransomware, data wipers, bricking tools, and database hacks are just some of the concerns security researchers have to deal with on a daily basis. Companies have to step up their security game in a big way to prevent more issues like these from happening. One cannot just rely on security researchers in this regard, as it is high time to take matters into one’s own hands.

