HACKERS HAVE wiped more than 26,000 MongoDB databases and are demanding that victims pay 0.15 BTC (around £500) to have them restored.
That's according to security researchers Dylan Katz and Victor Gevers. They claim that three new groups are behind the hijackings, which saw them take advantage of known security weaknesses in unpatched iterations of the popular NoSQL database.
"During those attacks, multiple hacking crews scanned the Internet for MongoDB databases left open for external connections, wiped their content, and replaced it with a ransom demand," according to Bleeping Computer.
"Most of these exposed databases were test systems, but some contained production data and a few companies ended up paying the ransom only to later find out they've been scammed and the attacker never had their data."
The attacks have been tracked via a Google Docs spreadsheet, with more than 45,000 databases in total affected.
The wave of attacks is due to the lack of security by default in out-of-the-box installations of MongoDB, which unlike other databases automatically exposes itself to the internet by default, combined with flaws made by developers when setting up MongoDB databases. It has also suffered from a number of security shortcomings over the years.
MongoDB servers were subjected to a wave of attacks around December last year and at the beginning of this year. Then, MongoDB published advice for users on how to avoid falling victim to the attacks.
The renewed wave of attacks probably won't daunt potential investors in MongoDB - although they should - as the company prepares for an initial public offering (IPO) that would value the company at $1.6bn or more.
The filing was made confidentially in August under a provision of the 2012 JOBS Act, with the intention that the company would go public before the end of the year. µ
Welcome to the dystopia Black Mirror warned us about
Microsoft in 'more helpful' shock
A whole new way to be tied to your ISP
Search giant puts Epyc chips at the heart of its datacentre servers