January 9th, 2017

MongoDB Ransomware Attacks Grow in Number

Evidently DevOps running MongoDB haven’t heard the word about the latest round of ransomware targeting the database, as the number of deployments with data being held for ransom continues to rise.

Last week when the news started hitting the net about ransomware attacks focusing on unprotected instances of MongoDB, it seemed to me to be a story that would have a short life. After all, the attacks weren’t leveraging some unpatched vulnerabilities in the database, but databases that were misconfigured in a way that left them reachable via the Internet, and with no controls — like a password other than the default — over who had privileges. All that was necessary to get this attack vector under control was for admins to be aware of the situation and to be ready and able to reconfigure and password protect.

Guess what? It hasn’t gone down that way — at least not so far.

On Wednesday when I wrote about this there had been about 2,000 databases attacked. By this morning, according to eWeek, over 10,000 databases have been affected. What’s more, last week it appeared as if all of the attacks were being carried out by one person or organization. Now there are at least five organizations steadily working in an attempt to turn unprotected databases into bitcoins.

The methodology is so simple it doesn’t even take a script kiddie to do it, much less a master hacker-cracker. You also don’t need any encryption software. All you do is find an unprotected database, copy its contents, then replace the contents with a pay-up-or-we’ll-kill-your-data ransom note. Easy pickings, in other words. And how do they find these wide open databases? The old-fashioned way would be to scan the Internet, but in this case they can just use the security search engine Shodan, which is used for finding devices connected to the Internet.

Last week the demands were all for 0.2 bitcoin per compromised database, which works out to about $203 in good ol’ ‘Murican money, but this morning we learn that one group has grabbed data from at least 17 MongoDB instances and is demanding a ransom of 0.25 bitcoin. So much for the theory that competition keeps prices low.

The attacks center around older versions of MongoDB, which shipped with a default setting that made it open to the Internet. The problem was discovered and fixed back in 2015, but some admins evidently haven’t received the word. The problem is also made worse by the fact that customers firing up MongoDB in the AWS cloud are deploying vulnerable versions.

Long story short: If you’re deploying MongoDB, you might want to make sure you’re using the latest version. You also might want to make sure you’re following Mongo’s best security practices. Otherwise, you can create a bitcoin wallet if you don’t have one already, because there’s a good chance you’ll be needing it.
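
For admins who want to check the two settings at issue here, network binding and access control, the following is an added example (not code from this article or from MongoDB) that audits a mongod configuration file in either the older ini style or the YAML style. The sample configs are constructed, and treating an unset bind address as exposed is an assumption that matches the older default described above.

```python
import re

# Constructed sample configs (not taken from the article).
LEGACY_OPEN = "dbpath = /var/lib/mongodb\nport = 27017\n"
YAML_EXPOSED = "net:\n  bindIp: 0.0.0.0\nsecurity:\n  authorization: disabled\n"
YAML_HARDENED = "net:\n  bindIp: 127.0.0.1\nsecurity:\n  authorization: enabled\n"

def parse_conf(text):
    """Flatten an ini-style or YAML-style mongod.conf into dotted keys."""
    settings, stack = {}, []  # stack: (indent, section) pairs for YAML nesting
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        m = re.match(r"(\s*)([\w.]+)\s*[:=]\s*(.*)$", line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        value = m.group(3).strip().strip("\"'")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # left a nested section
        if value == "":
            stack.append((indent, key))  # section header such as "net:"
        else:
            settings[".".join([s for _, s in stack] + [key])] = value
    return settings

def audit(text):
    """Return findings for the two settings the article names."""
    s = parse_conf(text)
    findings = []
    bind = s.get("net.bindIp") or s.get("bind_ip")
    if bind is None:
        # Assumption: unset means the older listen-on-everything default.
        findings.append("bind address unset")
    elif any(a.strip() in ("0.0.0.0", "::") for a in bind.split(",")):
        findings.append("bind address is a wildcard")
    auth = (s.get("security.authorization") or s.get("auth") or "").lower()
    if auth not in ("enabled", "true"):
        findings.append("authorization not enabled")
    return findings

if __name__ == "__main__":
    for name, conf in [("legacy", LEGACY_OPEN), ("exposed", YAML_EXPOSED),
                       ("hardened", YAML_HARDENED)]:
        print(name, audit(conf) or "ok")
```

An empty result means the file binds to a specific address and requires authentication; it says nothing about firewall rules or the strength of the credentials in use.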

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux
