
Hackers attack MongoDB: the number of compromised systems has exceeded 27,000



Reports have emerged of a massive wave of cyber attacks against administrators of systems running MongoDB. Attackers gain access to vulnerable or misconfigured systems, delete the data, and then demand a ransom.

Norwegian information security researcher and Microsoft employee Niall Merrigan recorded a surge of attacks aimed at MongoDB systems: according to him, in just twelve hours their number increased from 12,000 to 27,633. Attackers often extort money from the administrators of the compromised systems for the return of their data; at the beginning of the wave of attacks, the amount demanded was 0.2 Bitcoin ($184). There are reports that some victims actually paid the attackers.
Merrigan and his colleagues were able to track the activity of 15 hackers. One of them, using the nickname kraken0, compromised 15,482 MongoDB instances and demanded one bitcoin ($921) from their administrators for returning the data; so far, however, no one has paid him.

Niall Merrigan and his colleague Victor Gevers helped 112 victims improve the security of their vulnerable systems. Meanwhile, according to Gevers, 99,000 MongoDB systems are vulnerable.

MongoDB security is a known issue. Back in 2015, John Matherly, founder of the Shodan search engine, published research showing that more than 30,000 MongoDB instances were accessible from the Internet without access control.

Source: https://habr.com/ru/post/319186/

