MongoDB databases hacked – ransom demanded – ways to keep safe
MongoDB databases hacked, Jan 14: According to security analysts, almost 28,000 MongoDB instances have been hacked worldwide. Worse, the attacker deletes the database and demands a ransom to restore it. The ransom is demanded in Bitcoin, a digital currency that uses encryption techniques to verify the transfer of funds and regulate the generation of units of currency, and that operates independently of a central bank.
According to reports from security analysts, the attack on MongoDB installations began on the first day (Sunday) of the New Year. In the first attempt almost 200 instances were compromised. As of Jan 10, almost 28,000 MongoDB installations had been hacked. More than 1,00,000 MongoDB instances may be vulnerable.
Why have they become easy targets?
It looks like MongoDB users (version >= 2.6.0) have given the hackers a free invitation by not setting a password on the administrator account. With no password in place, an attacker only needs access to your system to fetch all the database records and delete them. The next step is to contact the user for ransom. Users who have no backup of the database have no option other than to pay to get it back. The ransom is charged in Bitcoin, anywhere between 0.1 and 1 bitcoin (1 bitcoin equals 830 dollars). Harakr1 and Kraken0 are the two hackers whose names have come up.
The exact number of people who have paid the ransom is not yet confirmed. Paying is not advisable, as there is a chance that the hacker does not actually have your data and is making a false claim to earn bitcoins from you. If you are the victim of a database hack, consult a security advisor.
How to stay safe?
MongoDB users are advised to enable authentication and use firewalls. To enable authentication, edit your MongoDB configuration file and set the auth = true option. With a firewall you can block remote access to your databases, if that is a feasible option.
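A small audit for the two settings named above, added here as an example (it is not from the MongoDB blog or from MongoDB itself). It assumes the legacy `auth` / `bind_ip` keys and their YAML equivalents `security.authorization` / `net.bindIp`; the function names and sample configs are constructed for illustration.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_mongod_conf(text):
    """Flatten legacy 'key = value' lines and simple nested YAML (not full YAML)."""
    settings, stack = {}, []              # stack: (indent, section name)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        legacy = re.match(r"^\s*([\w.]+)\s*=\s*(.*)$", line)
        if legacy:
            settings[legacy.group(1)] = legacy.group(2).strip()
            continue
        m = re.match(r"^(\s*)([\w.]+)\s*:\s*(.*)$", line)
        if not m:
            continue                      # blank or unsupported line
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # leave deeper/sibling sections
        if value:
            path = [name for _, name in stack] + [key]
            settings[".".join(path)] = value.strip("'\"")
        else:
            stack.append((indent, key))   # section header such as "net:"
    return settings

def audit(text):
    """Return a list of findings for the two settings the article names."""
    s = parse_mongod_conf(text)
    findings = []
    if not (s.get("auth", "").lower() == "true"
            or s.get("security.authorization", "").lower() == "enabled"):
        findings.append("authentication is not enabled")
    bind = s.get("bind_ip") or s.get("net.bindIp")
    if not bind:
        findings.append("bind address not set; default depends on version")
    elif not {a.strip() for a in bind.split(",")} <= LOOPBACK:
        findings.append("listens on a non-loopback address: " + bind)
    return findings

# Constructed sample configs (not taken from any real deployment).
WEAK = "port = 27017\ndbpath = /var/lib/mongodb\n"
LEGACY_OK = "auth = true\nbind_ip = 127.0.0.1\n"
YAML_EXPOSED = ("net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
                "security:\n  authorization: enabled\n")
if __name__ == "__main__":
    for conf in (WEAK, LEGACY_OK, YAML_EXPOSED):
        print(audit(conf) or "no findings")
```

A non-loopback bind address is acceptable only when a firewall restricts who can reach the port, so treat that finding as a prompt to check the firewall rules.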
It is highly advisable to keep your MongoDB software up to date.
There are some tips in the MongoDB blog.