Attackers Ransom MongoDB Databases – Expert Commentary

The perpetrator has uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password. The hacker is using an automated script to scan for misconfigured MongoDB databases, wiping their content, and leaving a ransom note behind asking for payment, threatening to expose the leak, and contact the victim’s local General Data Protection Regulation (GDPR) Enforcement Authority.

James MacQuiggan, Security Awareness Advocate,  KnowBe4
July 03, 2020
They make it easy to query or search for a variety of purposes needed by an organisation responsible for data.
Databases are an excellent resource to efficiently store data. They make it easy to query or search for a variety of purposes needed by an organisation responsible for data. With the information stored such as names, addresses, phone numbers, and other sensitive data, certain technology features need to be implemented like access controls, encryption, and updates to secure the data from attack and ....
[Read More >>]
Jay Ryerse, VP of Cybersecurity Initiatives,  ConnectWise
July 03, 2020
In addition to assessing risk, we must consider the benefit of education for our users and our technical staff.
In today’s world, we are challenged by many things including a global pandemic, uncertainty, and of course, cybercrime. Two of these are likely out of our control, but practicing good cybersecurity is within our ability as business owners and service providers. Areas we can focus on within our business include performing a regular risk assessment for technology because what we don’t know ca ....
[Read More >>]
Raif Mehmet, Sales Director ,  Bitglass
July 03, 2020
To thwart ransomware attacks and mitigate their impact, all organisations need advanced threat protection.
Misconfigurations like this will continue to be a rampant issue as businesses continually fail to obtain visibility and control into all of their cloud footprint. Time and again, cloud misconfiguration issues allow servers to expose sensitive data that is not protected or encrypted, enabling unauthorised access and a host of other headaches for the enterprise and its data subjects. To thwart ran ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments

In this article