
Sunday, 8 January 2017

Cyber Criminals Attacking On Web Databases And Asking To Pay For Ransom


Stop paying the ransom, a security researcher says. Hackers have been wiping the databases of unprotected MongoDB installs and holding the data for ransom.


Recently, attackers have been hijacking MongoDB databases: there have been reports of malicious attacks on unsecured MongoDB instances running openly on the internet. The attacker deleted the database and demanded a ransom to be paid for restoring it.

"YOUR DBS ARE ENCRYPTED. SEND 0.5 BTC (BITCOIN) ~= 550USD, TO THIS BTC ADDRESS," says the ransom message of the first copycat, who calls himself 0wn3d, according to Victor Gevers, the co-founder of the GDI Foundation, a non-profit organization that has the goal of making the internet safer, and one of the researchers who’s tracking these attacks.

Security researchers are tracking these attacks and have shared a spreadsheet of the actors ransacking MongoDB databases, listing the group name, date sighted, email ID, Bitcoin address, ransom size and name of the replaced DB.

One of the security researchers, Niall Merrigan, said:
Security researchers have found several MongoDBs containing sensitive information left exposed for all to see, such as the voter records of 191 million American voters, or credit card data of thousands of customers of a hotel chain.

Victor Gevers, a security researcher, tweeted:


MongoDB explains in its blog how you can tell if an attacker has compromised your data:
  • If access control is configured correctly for the database, attackers should not have been able to gain access to your data. Review our Security Checklist to help catch potential weaknesses.
  • Verify your databases and collections. In the recent cases we’ve seen, the attacker has dropped databases and/or collections and replaced them with a new one with a ransom demand.
  • If access control is enabled, audit the system logs for unauthorized access attempts or suspicious activity.
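The "verify your databases and collections" step can be automated by comparing a known-good inventory against the current one and flagging collections whose documents read like a ransom demand. The sketch below is an added example, not code from MongoDB or from the researchers quoted here; it assumes the inventory was already exported from the server (for instance with a driver or the shell), and every database and collection name in the sample data is constructed.

```python
import re

# Heuristic wording of a ransom demand, modelled on the note quoted in this article.
RANSOM_RE = re.compile(r"\b(btc|bitcoin|ransom|encrypted)\b", re.IGNORECASE)

def _strings(value):
    """Yield every string (keys included) found in a possibly nested document."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for key, inner in value.items():
            yield str(key)
            yield from _strings(inner)
    elif isinstance(value, (list, tuple)):
        for inner in value:
            yield from _strings(inner)

def audit(baseline, current):
    """Compare a known-good inventory with the current one.

    baseline: {db_name: set(collection_names)}
    current:  {db_name: {collection_name: [sample documents]}}
    Returns a sorted list of (kind, namespace) findings.
    """
    findings = []
    for db, colls in baseline.items():
        if db not in current:
            findings.append(("missing_db", db))
            continue
        for coll in colls - set(current[db]):
            findings.append(("missing_collection", f"{db}.{coll}"))
    for db, colls in current.items():
        for coll, docs in colls.items():
            ns = f"{db}.{coll}"
            if coll not in baseline.get(db, set()):
                findings.append(("unexpected_collection", ns))
            if any(RANSOM_RE.search(s) for d in docs for s in _strings(d)):
                findings.append(("ransom_note", ns))
    return sorted(findings)

# Constructed sample inventories; all names are invented for illustration.
BASELINE = {"shop": {"orders", "customers"}, "blog": {"posts"}}
CURRENT = {
    "blog": {"posts": [{"title": "hello"}]},
    "PLACEHOLDER_DB": {"readme": [{"msg": "YOUR DBS ARE ENCRYPTED. SEND 0.5 BTC "
                                          "(BITCOIN) ~= 550USD, TO THIS BTC ADDRESS"}]},
}

if __name__ == "__main__":
    for kind, ns in audit(BASELINE, CURRENT):
        print(f"{kind:22} {ns}")
```

The keyword match is a heuristic and can fire on legitimate documents, so treat a `ransom_note` finding as a prompt to inspect the collection, not as proof of compromise.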
