Unknown Cybercrime Gang Holds Thousands of Databases For Ransom

MongoDB, the cross-platform database company, is the latest victim of a cybercriminal attack. The attackers infiltrated 22,900 unsecured databases and wiped their contents. The gang behind the attack has since requested Bitcoin (BTC) payments in exchange for a backup of the data.

According to WeLiveSecurity from the cybersecurity firm ESET, the hacker, or gang of cybercriminals, threatened to notify the authorities in charge of enforcing the European Union's General Data Protection Regulation, or GDPR, if the ransom isn't paid in two days.

A report published by ZDNet explains that the number of databases compromised in the “Wiping & Ransom” attack accounts for almost 47% of all MongoDB databases.

Over $3.2 million in total demanded by the hackers

The hackers used an automated script to scan each database, and left a ransom note demanding 0.015 BTC, or around $140, for each one. The hackers also included a guide which explains to victims how they can purchase the required Bitcoin.

Victor Gevers, a security researcher at the GDI Foundation, said:

"The first few attacks lacked the data-wiping feature. Once the miscreant realized the mistake in their script, they amended it and started wiping the MongoDB databases. Instances of attacks using this particular ransom note have been recorded all the way back to April of this year."

In total, the hackers are seeking around $3.2M from MongoDB.

In June, the ransomware group REvil launched a series of attacks that targeted three companies in the U.S. and Canada. They later leaked data from two of the companies and threatened to disclose sensitive data from the third.
