MongoDB and Elasticsearch ransomware is being sold online

20/01/2017

MongoDB, a free and open-source cross-platform document-oriented database program classified as a NoSQL database, has seen its users targeted by hackers. Around 10,500 systems had been compromised.

But as more hacking groups started targeting the software, the number quickly rose to almost 30,000.

Once the hackers compromised a system running MongoDB, they wiped the database clean and left a ransom note. The MongoDB user would then need to pay the hackers in order to restore the database to its previous state.

The attacks started early in January, and the ransom ranges from $150 to $500, paid in bitcoin.


The attacks were first found by security researchers Niall Merrigan and Victor Gevers. They said that around 25 percent of all internet-connected MongoDB databases have been compromised.

They believe that the hackers may not even bother to make a copy of the victim's data, so even if the victim pays the ransom, there will be no data to recover. Furthermore, hackers who find an already compromised system may re-hack it in order to replace the ransom note with their own.

To complicate things further, one of the hacker groups that targeted MongoDB, called Kraken0, started selling its exploit code weeks later. This move all but guarantees an increase in the number of new attackers targeting the platform.

The package also includes malware to breach Elasticsearch, which has similarly been the target of ransomware attacks over the past month, as well as a list of 100,000 potentially vulnerable MongoDB IPs, 30,000 Elasticsearch IPs, and a dedicated tool to scan the entire public internet for more potential victims.

The source code costs $500, payable only in bitcoin. A buyer who is not interested in modifying the code can purchase the binary for just $100.

In response to the hacks, MongoDB Inc, the developer of MongoDB, has released an update to MongoDB's security in order to mitigate these ransomware-inspired attacks.