An unknown hacker is trying to monetize MongoDB databases that are exposed to the Internet by hijacking them and then demanding a ransom for the data, security researcher Victor Gevers has revealed.
This hacker goes by the online handle Harak1r1. He searches for insecure, exposed MongoDB databases and attempts to compromise them. Once he gains access to a database, he steals all the data in it and replaces the databases with one called WARNING, containing just one table with just one record, both also called WARNING.
All the victims are instructed to send a total of 0.2 Bitcoins (BTC) to a specific Bitcoin address if they want to get their data back. More than a dozen companies have already paid the ransom.
“Send 0.2 BTC to the address 13zaxGVjj9MNc2jyvDRhLyYpkCh323MsMq and get in touch with this email [[email protected]] using the IP of your server to recover your database!” says the warning.
According to Victor Gevers, co-founder of GDI Foundation, a non-profit organisation, the attackers may be using an automation tool, but they appear to choose manually which databases to focus on. The hackers seem interested solely in databases that contain vital data, as companies with important data are more likely to pay a ransom to get their data back.