Hackers attack MongoDB: number of compromised systems exceeds 27,000

The media got information about a large-scale wave of cyber attacks, the victims of which are administrators of systems using MongoDB. Attackers gain access to them, and then delete data from vulnerable or incorrectly configured systems, after which they demand a ransom.

Norwegian information security researcher and Microsoft employee Niall Merrigan recorded a surge in attacks targeted at MongoDB systems - he said their number increased from 12,000 to 27,633 in just twelve hours. Often, attackers extort money from hacked administrators to return data - at the beginning of the cyberattack wave, the amount was 0.2 bitcoin ($ 184). There is information that some victims actually performedpayments to crackers.

Merrigan and his colleagues managed to track the activity of 15 hackers - one of them, under the nickname kraken0, hacked 15,482 copies of MongoDB and demanded from their administrators one bitcoin ($ 921) for returning data - however, while no one paid him.

Niall Merrigan and his colleague Victor Gevers helped 112 victims increase the security of their vulnerable systems. At the same time, according to Zhevers, in total 99 000 MongoDB systems are vulnerable.

MongoDB systems security is a known issue. Back in 2015, the founder of the Shodan search engine, John Matherly, published research data according to which more than 30,000 copies of MongoDB were available from the Internet without access control.