Cyber-extortionists in the past few weeks have turned their attention to MongoDB databases and are wreaking havoc for those who rely on them. In particular, these cyber-extortionists are deleting MongoDB databases by the thousands if demands are not met. As reported by Bleeping Computer, the attacks in question were first noticed by researcher Sanyam Jain and follow a particular modus operandi:
The researcher first noticed the attacks on April 24, when he initially discovered a wiped MongoDB database which, instead of the huge quantities of leaked data he was used to finding, only contained the following note: Restore ? Contact : [email protected]
As he later discovered, after dropping the databases, the cyber-extortionists leave behind ransom notes asking their victims to get in touch if they want to restore their data by sending an email to one of the following two email addresses: [email protected] or [email protected]
While the method used by the attackers to find and wipe databases in such large numbers is not yet known, the entire process is most probably completely automated.
After connecting to one of the publicly accessible MongoDB databases left unprotected on the Internet, the script or program used to do it is also configured to indiscriminately delete every unsecured MongoDB it can find, and then to add the ransom tables.
As Jain noted, the motive behind these attacks is likely monetary (I say “likely” because the attackers are not responding to any attempted communication from journalists). Though there is no set ransom amount, the email contact is used to negotiate the terms of returning the database to its rightful owner (for the right price, of course). The author of the Bleeping Computer article, Sergiu Gatlan, notes that these attacks are only possible due to poor security practices. MongoDB actually gives easy-to-follow steps for securing a database that all administrators can utilize.
Cyber-extortion takes various forms, and it succeeds because the criminals are able to capitalize on fear. Take away their bargaining chips and you effectively cut them off at the knees.
Featured image: Wikimedia / Ularugeanina