"Three sets of hackers were hard at work over the Labor Day weekend using ransomware to wipe about 26,000 MongoDB databases.
A "MongoDB ransacking" spreadsheet created by researchers Dylan Katz and Victor Gevers - the latter of whom along with Niall Merrigan discovered an earlier deluge of attacks - showed a single group that uses "cru3lty@safe-mail.net" is responsible for 22,000 of the accounts hacked, ZDnet reported.
"We have your data. Your database is backed up to our servers," the message to victims read. "If you want to restore it, then send 0.15 BTC and text me to email, just send your IP-address and payment info. Messages without payment info will be ignored."
The group responsible for ransacking 3,500 databases sent victims a similar message. "If you want to recover your data, then send 0.05 BTC to bitcoin-address and send your IP to our email. You don't want that your users/customers to know that you have a data leak, right?" ZDnet reported the group, which uses the email address "wolsec@secmail.pro" as saying."
Link: https://www.scmagazine.com/labor-day-ransomware-attacks-wipe-26000-mongodb-databases/article/686409/

I am a person who likes technology, so I found this about one of the databases that I have been studying lately (MongoDB), and saw once more a ransom attack asking for payment in bitcoin. Working in IT, I know that we should secure our databases from the network and make backups from time to time, but breaches may happen. How will this kind of ransom attack be solved? Is it possible to track them somehow, or at least start thinking about a tracker for these kinds of ransom attacks?
This is bad publicity for the crypto world, especially for bitcoin, and this kind of illegality should be thought about before corporations start banning bitcoin, or it gets too deep in the dark web.