Massive Wave of MongoDB Ransom Attacks Makes 26,000 New Victims

Massive Wave of MongoDB Ransom Attacks Makes 26,000 New Victims

By | September 6th, 2017
No Comments on Massive Wave of MongoDB Ransom Attacks Makes 26,000 New Victims

Ransom attacks on MongoDB databases rekindled last week and over the

weekend with the emergence of three new groups that hijacked over 26,000

servers, with one group hijacking 22,000.


														
							

Several security researchers have tracked the attacks with the help of a Google Docs spreadsheet. In total, attackers ruined over 45,000 databases, if not even more.

From MongoDB, ransom attacks also spread to other server technologies, such as ElasticSearchHadoop, CouchDBCassandra, and MySQL servers.

Over the spring and summer, hacking groups involved in these attacks waned off, and the number of ransomed servers went down.

Last week, three new groups emerged, identified based on the email address they used in the ransom notes.

“The amount of (new) attackers went down compared with the beginning of the year, but the destructive reach (in regards to victims) per attack went up in numbers,” Gevers told Bleeping Computer in a private conversation. “So it looks like there are fewer attackers but with a larger impact.”

To put it in perspective, it took attackers from the first wave of MongoDB attacks nearly a month to rack up 45,000 ransomed DBs. The Cru3lty group managed half of that only last week.

Source

Google
Nisheeth Bhakuni