TENS OF THOUSANDS OF MongoDB databases have suffered a surge of ransomware attacks, with over 27,000 servers currently compromised as hackers steal and delete data from unpatched or "poorly-configured" systems.
In common with most ransomware attacks, hackers are demanding payment in bitcoin. They are asking for between 0.2BTC and 1BTC, but there's no guarantee the wiped data is actually available if a payment is made.
The attacks were brought to the public's attention by ethical hacker and security researcher Victor Gevers. Gevers said the attacks started before Christmas but significantly increased in volume more recently.
Hackers use automated scanning tools to search the web for signs of insecure or improperly configured MongoDB systems, he said.
MongoDB's director of product security, Andreas Nilsson, has published a list of actions admins can use to prevent the attacks and has stressed the importance of backing up data.
"If you take regular backups of the compromised database, you can restore the most recent backup... If you don't have a backup or are otherwise unable to restore the data, unfortunately your data may be permanently lost," he wrote.
"You should assume that the attacker has a copy of all data from the affected database," he added.
Jason Garbis, vice president of products at Cryptzone, said that these types of attacks are "exceptionally damaging but frustratingly they're also preventable."
"Exposing any system to the 'Internet Cesspit' is fundamentally a bad idea. All systems have weaknesses - whether it's a vulnerability, poor configuration or inadequate controls. It's far too easy for an attacker to use Shodan [a search engine that lets users find specific types of computers including web cams and routers] to discover and then violate them," he said.
"Rather than putting all of their systems in the shop window, particularly one that doesn't even have any glass to protect it, companies must wake up to the realisation that a new approach to network security is required.
"Taking an identity-centric approach, so one that only permits authorised users to access resources, would effectively brick up the window to anyone that doesn't know it's there, locking the attackers out and rendering their malware impotent".