Hackers are once again finding unsecured MongoDB databases carelessly left exposed on the internet, wiping their contents, and leaving a ransom note demanding a cryptocurrency payment for the data’s safe return.

As ZDNet reports, ransom notes have been left on almost 23,000 MongoDB databases that were let unprotected on the public internet without a password.

AWS Builder Community Hub

Unsecured MongoDB databases being attacked by hackers is nothing new, of course. Over recent years security breaches involving exposed MongoDB installations have occurred on multiple occasions, claiming the scalps of Verizon, OCR software firm ABBYY, dating websites, amongst others.

What makes this particular attack more unusual is that the hacker threatens to contact regulatory authorities if the victim does not pay up, to report them for a GDPR violation.

In an example shared by ZDNet, the ransom note demanded 0.015 Bitcoins (at current prices approximately US $140) or data would be leaked and the authorities informed.

Part of the ransom note, which is in broken English, reads as follows:

All of your data is a backed up. You must pay 0.015 BTC to [REDACTED] 48 hours for recover it. After 48 hours expiration we will leaked and exposed all your data. In case of refusal to pay, we will contact the General Data Protection Regulation, GDPR and notify them that you store user data in an open form and is not safe. Under the rules of the law, you face a heavy fine or arrest and your base dump will be dropped from our server.

If you’re unlucky enough to find your MongoDB database wiped by the hacker and replaced by a ransom note, there are an important couple of points to consider:

Firstly, will paying the ransom get your data back?

Almost certainly not. The hacker may (Read more...)