With around 12,000 unsecured MongoDB databases being deleted in the course of three weeks, attackers have solicited the owners from the databases to contact the said cyber-exotortionists to have the information restored with just a message left behind. They search for the already exposed database servers utilizing BinaryEdge or Shodan search engines, delete them and demand a ransom for their 'restoration services' and these sorts of attacks focusing on the publicly available MongoDB databases have known to have occurred since atleast the early 2017 [1, 2, 3, 4]. While Mongo Lock attacks likewise target remotely open and unprotected MongoDB databases, the campaign does not appear to demand a particular ransom. Rather, an email contact is given, well on the way to arrange the terms of information recuperation. Sanyam Jain, an independent security researcher and the person who found the wiped out databases, gave quite a sensible clarification to this, saying that "this person might be charging money in cryptocurrency according to the sensitiveness of the database." The 12,564 unprotected MongoDB databases wiped out by Unistellar were found by the researchers utilizing BinaryEdge. Seeing that, right now, BinaryEdge indexes somewhat more than 63,000 publicly accessible MongoDB servers as per Jain, it appears as though the Unistellar attackers have dropped by approx 20% of the aggregate.
The cyber-extortionists leave behind notes asking their victims to connect with them if they need to reestablish their data by sending an email to one of the accompanying two email addresses: [email protected]
or [email protected]
Shockingly, there is no real way to follow if t ..