Sonrai Security website logo for identity and data governance and cloud security

Hackers Held 23,000 Unsecured MongoDB Databases Ransom

Author: Eric Kedrosky | Date: July 9, 2020
Read Time: 2 minutes
Skill Level: Technical
Skill Level: Technical
Hackers Held 23,000 Unsecured MongoDB Databases Ransom

Ransom attacks in the cybersecurity world are not new; they have been around as long as the internet. However, a recent string of these database ransoms has seen a significant uptick amongst insecure databases.

Hackers held 23,000 unsecured MongoDB databases ransom. The hackers wiped the data and demanded the Bitcoin equivalent of $140 per database in order to restore. Shockingly these 23,000 accounts were able to be hacked so easily because they lacked any sort of encryption, password, protection, or security, they were completely open and vulnerable.

The amount in question that the hackers were demanding may seem relatively small, which it is when paired with the GDPR fines that would come after. Hackers are no dummies, they also threatened to report their own hack to the GDPR if payment was not received. The penalties from the GDPR could range from a Level 1 fine of; €10 million or 2 percent of the company’s global annual turnover from the previous year, whichever is higher, or a level 2 fine of; €20 million or 4 percent of the company’s global annual turnover from the previous year, whichever is higher. Obviously this amount would cause any organization great financial concern.

This situation is completely avoidable, by simply securing the database. These hackers went after low hanging fruit, and not surprisingly found a lot of it. Proper storage like an S3 bucket which is cheap and effective would have completely prevented these attacks. S3 buckets come with their own methods of encryption and can be monitored by an organization to track and limit authorization.

It is important that even when encryption exists on an S3 bucket that an organization has the proper policies and contingencies to deal with an alert and to have a plan if an unidentified party does access the bucket.

Read more about this story at HelpNetSecurity.

magnifier