Hackers have removed more than 12,000 MongoDB databases from the Internet in the past three weeks. Its owners are being extorted to pay money to get the databases back.
So says security researcheronderzoek Sanyam Jain against Bleeping Computer. The researcher used search engines such as BinaryEdge to see how many databases had been removed. In total this would be 12,564 databases.
Specifically, it concerns MongoDB databases that are publicly accessible and without security. MongoDB has been under fire since 2015 for not requiring authorization for new installations. As a result, a lot of information appeared to be publicly available on the internet. Since then, large campaigns have been carried out regularly in which hacker group Unistellar searches for and removes such databases. They then send an email demanding a ransom to restore the database.
In this new case, the hackers only leave a message containing an email address. That’s an @yandex.com address, which seems to indicate the gang is from Russia. It is unknown how much ransom the criminals demand in this case. Because the criminals also do not leave a cryptocurrency address, it is impossible to find out how much they earn with it.