Casa > ransomware > MongoDB Ransomware Attacks Misconfigured Servers

MongoDB Ransomware Ataques Servidores Misconfigured

bases de dados Misconfigured MongoDB são os últimos alvos, portanto, vítimas do ransomware. ataques bem-sucedidos contra MongoDB dobraram em um único dia, pesquisadores dizem.

Os servidores que executam MongoDB foram alvo primeira vez em dezembro 2016, but the scale of the malicious attempts was small. The situation quickly escalated, como aparece. O motivo? Many of the compromised databases hadn’t been set to require a password for access. This lack makes remote attacks easy to accomplish.

93 Terabytes of Data Likely Compromised

Security expert Niall Merrigan recently wrote that 12,000 MongoDB servers had been compromised. The number grew to 28,000 later the same day. The total amount of encrypted data could be as high as 93 terabytes!

Attacked organizations typically see a warning on their systems demanding a ransom payment of 1 Bitcoin.

Security researchers have created a spreadsheet named MongoDv ransacking where various details about the attacks are collected, such as victims, number of paid ransoms, email addresses deployed by the attackers. According to the spreadsheet, 20 victims have paid the demanded ransom but have not received their data, which is not that surprising after all. Rule number one for any ransomware infection is not paying the ransom as collected money only fuels malicious encrypting attacks.

It’s very likely that the success of these attacks is due to MongoDB servers left Internet-accessible. The compromised servers are also misconfigured or prone to vulnerability exploits (devido a falhas não corrigidas). These factors have made it pretty easy for attackers to accomplish their purposes. Além disso, content may have been stolen or modified, pesquisadores alertam.

MongoDB Administrators Should Know Better

Poorly administered MongoDB servers have been the reason for several big data breaches, tal como:

Back in 2015 it became publicly known that there were large numbers of Internet-facing MongoDB servers. The servers in question were also running outdated, unpatched software – a scenario for a disaster.

What Does MongoDB Inc. Say?

In a recent blog post, intitulado How to Avoid a Malicious Attack That Ransoms Your Data, Andreas Nilsson, MongoDB’s director of product security said that all these attacks could have been prevented had the security protections built into MongoDB been configured properly. Mais particularmente, the ransomware attacks could have been prevented if MongoDB’s access controls were enabled and correctly configured. He concludes that:

You need to use these features correctly, and our security documentation will help you do so.

além disso, the company offers two additional options – MongoDB Cloud Manager and MongoDB Ops Manager. They allow admins toenable alerts to detect if their deployment is internet exposed,” and also to create regular backups, the number one prevention rule against any ransomware.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar