A flood of attacks is targeting unsecured MongoDB servers and wiping their databases. Left behind are notes demanding a ransom payment, or the data will be leaked, and the owners reported for GDPR violations.
Being tracked by Victor Gevers, the chairman of the non-profit GDI Foundation, attackers are scanning the Internet for unsecured MongoDB servers.
Once they gain access to the server, they wipe the databases and create a new database called "READ_ME_TO_RECOVER_YOUR_DATA."
Within this database is a collection named 'README' that contains a ransom note explaining that their data was "backed up" and that the victim must pay 0.015 BTC ($135.55) to recover their data.
Full article on https://www.bleepingcomputer.com/news/security/surge-of-mongodb-ransom-attacks-use-gdpr-as-extortion-leverage/
#ransomware #mongodb #gdpr