MongoDB And ransomware attacks

Learning that tens of thousands of MongoDB database have been compromised and held hostage by ransomware is both startling and worrisome.

Groups of attackers have adopted a new tactic that involves deleting publicly exposed MongoDB databases and asking for money to restore them.The number of affected databases has risen from hundreds to more than 10,000.

What is MongoDB?

MongoDB is a free (no cost) and open-source database system. MongoDB is, instead, a document-oriented (rather than a table-oriented) database . Classified as a “NoSQL” database, it uses JSON-like documents to store information and is claimed to be much faster than schema-oriented databases.

Search Engines

you can use Shodan or zoomeye to search for installations of MongoDB.

mongo.PNG

mongozzome.PNGransomware attack

A Many of  MongoDB database have been compromised and held hostage by ransomware.And we can see this exemple:

port27.PNG

mongoransom.PNG

Security of  MongoDB

If you are using MongoDB and your database is held ransom,  you not pay the ransom.There’s no guarantee that you’ll get it back from them.

MongoDB administrators are advised to follow the steps on the security checklist from the MongoDB documentation in order to lock down their deployments and prevent unauthorized access.

Advertisements

One thought on “MongoDB And ransomware attacks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s