In a recent incident that highlights the security perils of the Internet, MongoDB databases have been hijacked and held for ransom. According to recent reports, the number of hijacked MongoDB databases has gone up from 10,000 to 28,000. That amounts to almost 25% of all the MongoDB databases accessible via the Internet. Niall Merrigan, the security researcher who has been keeping a close eye on the attacks, reported the numbers on Twitter.
Not all MongoDB databases are at risk, only those left accessible via the Internet without a password on the administrator account. And if the hijacking continues at this speed, it would not be surprising if very soon all the MongoDB servers exposed to the Internet lose their data to a ransom demand.
It all began as isolated incidents on December 20, when a hacker started accessing some of the open databases, exporting the content and replacing it with a ransom note. The activity was first brought to notice by Victor Gevers, an ethical hacker and founder of GDI Foundation. He reported that a hacker by the name “Harak1r1” was compromising open MongoDB installations by deleting their contents and leaving a ransom note demanding 0.2 BTC (about $220); the demand now ranges from $150 to $500.
The situation has worsened further because more than one hacker is now involved in hijacking the databases. They are re-hacking the same servers, making it difficult to find out which group downloaded the victim’s data and to whom the victim should pay the ransom.
In many cases, even after paying the ransom, victims are finding that they have paid the wrong hacker, forcing them to pay a ransom again. In many unlucky cases, companies and individuals are even losing their data permanently, as the hackers might not have made a copy of the user’s original data.
To help administrators secure their MongoDB servers, the company has published an updated guide, which could be a good read for all database administrators.
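The two conditions named above, Internet exposure and no required login, can be checked in a server's configuration file. The following is an added example, not code from the article or from MongoDB's guide: `net.bindIp`, `net.bindIpAll` and `security.authorization` are MongoDB configuration options, while the `flatten` and `audit` helpers and both sample files are constructed for illustration.

```python
import re

# Constructed sample mongod.conf files (YAML format); not taken from the article.
EXPOSED_CONF = """\
net:
  bindIp: 0.0.0.0   # every interface
"""
HARDENED_CONF = """\
net:
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def flatten(conf_text):
    """Flatten the nested-mapping subset of YAML used by mongod.conf into dotted keys."""
    out, stack = {}, []  # stack: (indent, key) of the sections currently open
    for raw in conf_text.splitlines():
        m = re.match(r"^(\s*)([\w.]+):\s*(.*)$", raw.split("#", 1)[0].rstrip())
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip("\"' ")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave sections that are not parents of this line
        if value:
            out[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))
    return out

def audit(conf_text):
    """Return findings for network exposure and missing access control."""
    cfg, findings = flatten(conf_text), []
    binds = [b.strip() for b in cfg.get("net.bindIp", "").split(",") if b.strip()]
    exposed = [b for b in binds if b not in LOOPBACK]
    if cfg.get("net.bindIpAll", "").lower() == "true":
        findings.append("net.bindIpAll is true: listening on every interface")
    elif not binds:
        findings.append("net.bindIp is not set: set it explicitly")
    elif exposed:
        findings.append("net.bindIp includes non-loopback address: " + ", ".join(exposed))
    if cfg.get("security.authorization", "").lower() != "enabled":
        findings.append("security.authorization is not enabled: no login required")
    return findings

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```

A non-loopback bind address is not always Internet-facing, so that finding is a prompt to review firewalling rather than proof of exposure.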
Reportedly the hackers aren’t doing it only for money and don’t intend to ruin a business or web app, but are hacking the data so that the database owners learn a lesson. Whether or not that is true, the hacking is one of a kind in cyberspace: the hackers have created havoc for those affected, and the episode serves as a lesson for non-users of MongoDB as well. It also raises serious concerns about the dangers of the Internet and the negligence of database providers.