Several security researchers have tracked the attacks with the help of a Google Docs spreadsheet. In total, attackers ruined more than 45,000 databases, if not more.
From MongoDB, the ransom attacks spread to other server technologies, such as ElasticSearch, Hadoop, CouchDB, Cassandra, and MySQL.
Over the spring and summer, activity from the hacking groups involved in these attacks waned, and the number of ransomed servers went down.
Last week, three new groups emerged, identified based on the email address they used in the ransom notes.
“The amount of (new) attackers went down compared with the beginning of the year, but the destructive reach (in regards to victims) per attack went up in numbers,” Gevers told Bleeping Computer in a private conversation. “So it looks like there are fewer attackers but with a larger impact.”
To put it in perspective, it took attackers from the first wave of MongoDB attacks nearly a month to rack up 45,000 ransomed DBs. The Cru3lty group managed half of that only last week.