MongoDB databases are under attack by hackers
2019-02-09
MongoDB databases, affecting tens of thousands of servers. Multiple hacking groups are reportedly behind the attacks, with one of them already compromising 22,000 servers. The attackers targeted publicly accessible databases running with default settings, deleting the data and replacing it with a ransom note that reads:
"We have your data. Your database is backed up to our servers. If you want to restore it, then send 0.15 BTC [$650] and text me to email, just send your IP-address and payment info. Messages without payment info will be ignored."
It has now been learned that MongoDB databases are still being held for ransom, two years after the attacks started. It is a fact that MongoDB databases were also subjected to attacks, affecting at least 60,000.
Industry analysts predict cybercrime will cost the global economy $6 trillion annually by 2021. To respond, organizations are expected to spend more than $1 trillion on cybersecurity up to 2021. But with the onslaught of new threat classes and threat actors, are those investments being directed towards the right solutions?
In just the space of the past 12 months:
* Phishing attacks have grown 55%
* Intellectual property theft has increased 56%
* Ransomware is up 169%
* Key industrial infrastructure and military operations are subject to increased disruption
* The average time to detect compromises has reached 200 days
First, in December 2016, hackers realized they could extort payments from companies that had left their MongoDB databases exposed on the internet. At the time, there were roughly 60,000 MongoDB databases left exposed online, so attackers had plenty of targets to choose from.
Initially, hackers downloaded data to their systems, deleted the data on the company's server, and left a note behind asking for a ransom in exchange for the data.
The hackers are still active, and they have probably hit all versions of MongoDB. It has been found that, apart from the original hacker groups, several new bad actors have started engaging in this practice, known as MongoDB Apocalypse. Even the newer versions have been hit, hence the problem of users failing to set up an admin password has continued.
Hackers also diversified from MongoDB and expanded their targets to other systems such as ElasticSearch, Hadoop, CouchDB, Cassandra, and MySQL servers.
Dutch security researcher Victor Gevers, who has been continuously tracking the MongoDB ransom attacks for the past two years, has spotted three new hacker groups, ZDNet reported.
These three groups had managed to ransack nearly 3,000 MongoDB databases using the same old technique - connecting to databases left without a password, deleting data and leaving a ransom note behind.