Thousands of MongoDB databases ransacked, held for ransom

The cybercriminal behind the ransom raids on almost 23,000 databases threatens to leak the data and alert GDPR regulators



An unknown cybercriminal has infiltrated 22,900 unsecured MongoDB databases, wiping their contents and leaving behind a ransom note demanding bitcoin in return for the data. If the ransom isn’t paid within two days, they threatened to notify authorities in charge of enforcing the European Union’s General Data Protection Regulation (GDPR).


According to ZDNet, which broke the story, the attacker is using automated scripts to scan the internet for MongoDB installations that are reachable from the outside with no authentication enabled, deleting their contents, and asking for 0.015 bitcoin (roughly US$140 at the time) to return the data.
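The exposure the attacker is scanning for is a configuration problem: a `mongod` that binds to every interface while `security.authorization` is left at its default of disabled. The script below is an added example (not ESET's, ZDNet's or MongoDB's code) that audits a `mongod.conf` for exactly that combination. It assumes the file uses the flat `section:` / `  key: value` YAML subset that mongod.conf normally has (no lists or anchors), and the two embedded configs are constructed samples, one exposed and one hardened.

```python
"""Audit a mongod.conf for the 'open to the internet, no auth' pattern.

Added example, not code from the original article. Assumptions:
  - the config is the simple two-level YAML mongod ships with (no lists/anchors);
  - mongod 3.6+ defaults: bindIp=127.0.0.1, bindIpAll=false,
    security.authorization=disabled.
"""
import sys

# Constructed sample: the shape of an instance the ransom script would hit.
EXPOSED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0   # listens on every interface
# no 'security' section at all -> authorization defaults to disabled
"""

# Constructed sample: same server, restricted bind address and auth turned on.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus one private NIC only
security:
  authorization: enabled
"""


def parse_simple_yaml(text):
    """Parse indentation-based 'key: value' lines into nested dicts.

    Hand-rolled so the example runs without PyYAML; it covers only the
    subset mongod.conf uses (assumption stated above).
    """
    root = {}
    stack = [(-1, root)]  # (indent, dict being filled)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip()
        while stack and stack[-1][0] >= indent:  # climb out of deeper sections
            stack.pop()
        parent = stack[-1][1]
        if value == "":  # 'section:' opens a nested mapping
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def findings(conf):
    """Return a list of human-readable findings; empty means nothing flagged."""
    net = conf.get("net", {})
    sec = conf.get("security", {})
    bind = net.get("bindIp", "127.0.0.1")
    bind_all = net.get("bindIpAll", "false").lower() == "true"
    wildcard = {"0.0.0.0", "::", "*"}
    public = bind_all or any(ip.strip() in wildcard for ip in bind.split(","))
    auth = sec.get("authorization", "disabled").lower() == "enabled"

    out = []
    if public and not auth:
        out.append("CRITICAL: mongod listens on all interfaces with authorization disabled")
    elif public:
        out.append("WARN: mongod reachable from the network; restrict bindIp or firewall it")
    elif not auth:
        out.append("WARN: authorization disabled (localhost only, but enable it anyway)")
    return out


def audit_text(text):
    return findings(parse_simple_yaml(text))


if __name__ == "__main__":
    # Usage: python audit_mongod.py /etc/mongod.conf  (defaults to the samples)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print("\n".join(audit_text(fh.read())) or "OK")
    else:
        for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
            print(name, "->", audit_text(conf) or "OK")
```

The check deliberately treats a missing `security` section as a finding: the attackers did not need to defeat anything, they only needed the default to have been left alone. Binding to a private address is not a substitute for enabling authorization, so the hardened sample does both.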


The cybercriminal was even “thoughtful” enough to include a guide on how to purchase bitcoin. The attacker appears to be using multiple bitcoin wallets and email addresses, but the wording of the ransom note stays the same: if the conditions aren’t met, they threaten to leak the data and contact GDPR regulators.


Victor Gevers, a security researcher at the GDI Foundation, pointed out that the first few attacks lacked the data-wiping step. Once the attacker noticed the mistake in their script, they amended it and began wiping the MongoDB databases. Attacks using this particular ransom note have been recorded as far back as April of this year.


The researcher, whose responsibilities include reporting exposed servers, stated that he noticed the wiped systems while checking on MongoDB databases he was supposed to report so they could be secured. “Today, I could only report one data leak. Normally, I can do at least between 5 or 10,” he added for ZDNet.


While the demanded ransom ..
