Rise of MongoDB Attack
The number of MongoDB databases hijacked has gone from 10,000 to 28,000. The attacks don't target all MongoDB databases, but only those running openly on the Internet and without a password on the administrator account. In this attack, the hacker erased the database and demanded a ransom be paid before restoring it.
Some groups are hacking over again the same servers and rewriting each other ransom notes, thus making it impossible to know which group downloaded the victim's data and to whom should victims pay the ransom.
Moreover, companies that are willing to pay the ransom found out in most of the case that the group to whom they paid the ransom was not the one who stole their data, and thus they were forced to pay a ransom again to another group.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street