The number of insecure MongoDB databases being hijacked by criminals is growing, according to experts who say the attacks that began last week are now targeting more valuable assets.
It has been reported that a hacker going by the handle "Harak1r1" was compromising open MongoDB installations, deleting their contents, and leaving behind a ransom note demanding 0.2 BTC (about $220).
Despite years of repeated warnings about unprotected MongoDB databases, a recent scan using the Shodan search engine reveals that 46,000 open MongoDB databases are ripe for attack.
This ransomware variant requires you to read security articles, or you will see your blocked files permanently deleted. A warning screen (complete with the requisite stock photo image of a hacker in a ski mask) appears and announces that all your files have been encrypted.
If you "agree to stop downloading unsafe applications off the Internet" and do the recommended reading, you'll get a decryption key that will restore your encrypted files free of charge. If the victim takes too much time to read the articles, the files are actually destroyed by the malware.
References: New Malware Holds Your Files Hostage Until You Read Two Cybersecurity Awareness Articles | Koolova Ransomware Unlocks Files Read Two Ransomware Avoidance Posts | This Crazy Ransomware Restores Your Files If You Read About Ransomware | Koolova: The Ransomware That Wants to Make You Aware of Security
*IP addresses provided by Recorded Future.