Wednesday, January 20, 07:33
Home security Hacker is asking for a ransom from 23 MongoDB databases

Hacker is asking for a ransom from 23 MongoDB databases

22.900 MongoDB databases, which were exposed to the internet without any password, were discovered by one hacker, who left notes asking for ransom.


The number of exposed databases corresponds to 47% of all MongoDB databases.

The malicious user uses an automated one script, looking for incorrect MongoDB database configurations, deleting their content and leaving a 0,015 note request Bitcoin (~ $ 140) as ransom.

The hacker then threatens the company to leak the data, unless the ransom is paid in two days. In addition, to put more pressure on the situation, he says he will report the leak to the local authority GDPR.

Such attacks have been observed since early April 2020.

According to Victor Gevers, a security researcher at the GDI Foundation, the initial attacks did not include deleting data.

The intruder continued to be connected to the same database who left the note for the ransom and then returned again to leave another copy of the same note, a few days later.

However, it seems that now the hacker realized that he made a mistake and started cleaning the MongoDB databases, deleting all their data.

Previous attacks

The recent attacks that have been discovered are just an advanced version of them attacks which began in December 2016. At the time, malicious agents had discovered that they could make a lot of money by clearing MongoDB servers and demanding ransom from their victims.

More than 28.000 servers fell victim in January 2017, another 26.000 in September 2017 and then another 3.000 in February 2019.

In 2017, MongoDB, Inc.'s Chief Product Safety Director, Davi Ottenheimer, accused database owners of failing to set passwords for them, leaving the servers exposed to the Internet.

Almost three years later, nothing seems to have changed. Of the 60.000 MongoDB servers that remained exposed to Internet in early 2017, the number dropped to just 48.000 today.

The default setup of MongoDB databases today comes with secure options, but we still have tens of thousands of exposed servers on a daily basis. If you are an administrator of MongoDB servers and want to secure them properly, the MongoDB security page is the best place to get the right advice.


Please enter your comment!
Please enter your name here

Absent Mia
Absent Mia
Being your self, in a world that constantly tries to change you, is your greatest achievement



The creator of PUBG is planning an IPO worth $ 27,2 billion! Ο δημιουργός του PUBG, Kim Chang-han, σχεδιάζει IPO (Αρχική Δημόσια Προσφορά ή εισαγωγή στο χρηματιστήριο) η...

Slack: How to turn off automatic conversion to Emoji

Emoji are everywhere now. In many applications - such as Slack - you can not type a simple emoticon based on ...

Malware FreakOut: Infects "Linux hosts" that run vulnerable software

An active malicious campaign is currently targeting critical Linux devices running software. Its purpose is to infect ...

Facebook Messenger vs WhatsApp: Which is worse for privacy?

In recent days, WhatsApp has been at the center of discussions, due to issues that have arisen regarding the privacy of ...

Apple sued! They want to remove Telegram from the App Store

Although Telegram has become very popular in the world in recent days, it also receives a lot of negative reviews. A former ambassador of ...

VLC for macOS has been updated with full support for M1 Macs

VLC is one of the most popular media players and the macOS version is currently receiving a major update with full ...

Google Maps adds precise details to 4 city roadmaps

The Google Maps app received an update in August last year, which added more color to the physical maps to ...

Smartwatches may detect COVID-19 symptoms

Smartwatches and fitness wearables can play a valuable role in the early detection of COVID-19, according to some recent studies. Researchers from ...

The incidence of sextortion increased significantly during the pandemic period

With the outbreak of the COVID-19 pandemic, countries around the world have entered a lockdown regime, in an effort to ...

SpaceX launches the first Starlink satellite for 1

SpaceX will launch 60 satellites from the Kennedy Space Center in Florida on Wednesday. This will be the first launch of ...