Categories: NewsSecurity

MongoDB Hackers Demand Bitcoin Ransom From Over 26,000 Compromised Servers

Even though Bitcoin lacks all of the properties criminals should look for in an anonymous currency, it is still quite popular. The recent wave of attacks against unprotected MongoDB databases illustrates that point perfectly. All of the groups responsible for these attacks have demanded payments be made in Bitcoin. This last wave of attacks saw over 26,000 servers getting hijacked, which is an astonishing number. These types of attacks have been prominent since December of 2016.

MongoDB Attacks Continue Unabated

If something works just fine, there is no reason to fix it. Cybercriminals operate with a similar mindset; if their previous plan of attack was successful, all the more reason to keep experimenting with it. The MongoDB attacks, which started in December of last year, are still a lucrative business model for criminals nine months later. A lot of servers running such databases still are not properly protected against major attacks like these.

These types of ransom attacks against MongoDB databases only work if a database is left open for external connections. Unfortunately, there are quite a lot of such databases to be found, which can cause major problems for the companies involved. The assailants will copy the database content, wipe the original content, and replace it with a ransom demand. Considering how most companies cannot afford to lose important customer data, they are forced to pay the Bitcoin ransom as a result.

The recent wave of attacks was a joint operation by multiple hacking crews. One group in particular exposed over 22,000 MongoDB servers through an external connection. Two other groups enjoyed less of a success, although they made 3,516 and 839 victims respectively. As is to be expected, every victim is asked to make a

Related Post
Bitcoin payment. The ransom amounts range from 0.05 BTC to 0.2 BTC, indicating there is a lot of money to be made. Even if only 10% of the victims were to pay up, it would result in a 3,484.5 Bitcoin payday for all three hacking crews combined.

Luckily, it appears the majority of the exposed databases belong to test systems. Others contained production data and a few companies paid the ransom before realizing the criminals did not even have their data in the first place. It is unclear how much money changed hands due to these “bogus” ransom notes, though. Attacks against MongoDB databases have been ongoing for some time now, as over 45,000 databases have been wiped clean since last December. That is a very disappointing and disconcerting number.

Interestingly enough, this type of attack was virtually nonexistent as recently as this summer. With these three new groups emerging and scoring major initial successes, it is not unlikely we would see more attacks against MongoDB servers in the future. Database administrators need to properly evaluate their security settings and blacklist external connections from IP addresses not cleared by the company. It will take a bit of work to set this up properly, but it is direly needed.

These MongoDB attacks are only the latest tool in a growing arsenal of attack vectors maintained by cybercriminals these days. Malware, ransomware, data wipers, bricking tools, and database hacks are just some of the concerns security researchers have to deal with on a daily basis. Companies have to step up their security game in a big way to prevent more issues like these from happening. One cannot simply rely on security researchers in this regard, as it is due time to take matters into one’s own hands.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Cheems Surge On BSC Network: A Rising Star With Growing Market Value

The Cheems token on the Binance Smart Chain (BSC) is gaining significant momentum, surging by…

3 hours ago

Lester Token Crashes 40% Following Official Announcement

The value of $LESTER plummeted by 40% in the past 24 hours, leaving its market…

3 hours ago

From $30K To Millions: The Wild Journey Of $Quant And Xiaohaige’s Memecoin Stunts

In a bizarre turn of events, a young live-streamer known as Xiaohaige created the memecoin…

3 hours ago

Whale “convexcuck.eth” Makes Bold $CVX Move, Nets Significant Profit Amid Price Surge

The crypto whale known as "convexcuck.eth" has made waves in the DeFi world, spending $2…

3 hours ago

$ELIZA Token Launch Marred By Insider Trading Allegations

The launch of $ELIZA, a token introduced by Andreessen Horowitz (a16z) partner @shawmakesmagic, has sparked…

4 hours ago

Cardano’s Rally Highlights Diverging Moves Among Investors

Cardano ($ADA) has been making waves in the crypto market, breaking away from the altcoin…

4 hours ago