Evidently DevOps running MongoDB haven’t heard the word about the latest round of ransomware targeting the database, as the numbers of deployments with data being held for ransom continues to rise.
Last week when the news started hitting the net about ransomware attacks focusing on unprotected instances of MongoDB, it seemed to me to be a story that would have a short life. After all, the attacks weren’t leveraging some unpatched vulnerabilities in the database, but databases that were misconfigured in a way that left them reachable via the Internet, and with no controls — like a password other than the default — over who had privileges. All that was necessary to get this attack vector under control was for admins to be aware of the situation and to be ready and able to reconfigure and password protect.
Guess what? It hasn’t gone down that way — at least not so far.
On Wednesday when I wrote about this there had been about 2,000 databases attacked. By this morning, according to eWeek, over 10,000 databases have been affected. What’s more, last week it appeared as if all of the attacks were being carried out by one person or organization. Now there are at least five organizations steadily working in an attempt to turn unprotected databases into bitcoins.