Over the past three weeks, more than 12,000 unsecured MongoDB databases have been deleted, with only a message left behind telling the owners to contact the cyber-extortionists to have their data restored, according to research reports.
This is not the first time this has happened: in September 2017, MongoDB databases were also hacked for ransom. Attackers look for exposed database servers using the BinaryEdge or Shodan search engines, delete them, and demand a ransom for their 'restoration services'.
The database records contained detailed personally identifiable information such as name, gender, date of birth, email, mobile phone number, and more. Attackers target remotely accessible and unprotected MongoDB databases and delete them. Then they demand a ransom in order to get the contents back. The method used to find and wipe databases in such large numbers is expected to be automated.
Sanyam Jain, an independent security researcher and the one who found the wiped databases, first noticed the attacks on April 24, when he initially discovered a wiped MongoDB database.
Instead of finding the huge quantities of leaked data, he found a note stating: “Restore? Contact : [email protected]”.
This person might be charging money in cryptocurrency according to the sensitivity of the database.
While the method used by attackers to find and wipe databases in such large numbers is not yet known, the entire process is most probably completely automated. It also seems that the attackers may have created restore points so that they can restore the databases they deleted.
There is no way to unmask them, because victims paying to have their databases restored are given only an email address by Unistellar, and no cryptocurrency address. That makes them hard to track.
These attacks are possible only because the MongoDB databases are remotely accessible and access to them is not properly secured.
To secure your data, MongoDB provides guidance on securing a MongoDB database by implementing proper authentication, access control, and encryption.
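One way to check a server for the two conditions named above (remotely reachable, no authentication) is to audit its `mongod.conf`. This is an added example, not code from the article or from MongoDB. The sample configs are constructed, the small parser handles only plain nested `key: value` lines, and the `net.tls` key name assumes MongoDB 4.2 or later.

```python
import ipaddress

# Constructed sample configs (not taken from any real deployment).
EXPOSED = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
HARDENED = """net:
  bindIp: 127.0.0.1,10.0.0.5
  tls:
    mode: requireTLS
security:
  authorization: enabled
"""

def flatten(conf_text):
    """Flatten nested 'key: value' lines into dotted keys (subset of YAML only)."""
    flat, stack = {}, []  # stack: (indent, key) of the currently open sections
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave sections that ended at this indent
        if value.strip():
            flat[".".join([k for _, k in stack] + [key])] = value.strip()
        else:
            stack.append((indent, key))
    return flat

def is_loopback(bind):  # localhost, loopback IP or UNIX socket path
    if bind == "localhost" or bind.startswith("/"):
        return True
    try:
        return ipaddress.ip_address(bind).is_loopback
    except ValueError:
        return False  # other hostname: treat as remotely reachable

def audit(conf_text):
    """Report the two conditions the article names, plus missing TLS."""
    c, findings = flatten(conf_text), []
    binds = c.get("net.bindIp", "localhost").split(",")  # default since 3.6
    exposed = (c.get("net.bindIpAll") == "true"
               or not all(is_loopback(b.strip()) for b in binds))
    if c.get("security.authorization") != "enabled":
        findings.append("CRITICAL: remotely reachable without authentication"
                        if exposed else "WARN: authorization disabled")
    if exposed and c.get("net.tls.mode") != "requireTLS":
        findings.append("WARN: remote connections not forced over TLS")
    return findings
```

Calling `audit(EXPOSED)` returns both findings, while `audit(HARDENED)` returns an empty list.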