New Ransomware Steals Your Data and Threatens to Report You to GDPR
MongoDB is one of the most popular databases for modern apps, used by several major companies such as Google, Facebook, Uber, and numerous others. Needless to say, an attack such as this puts numerous big names at risk. This new type of ransomware wipes the database owner’s data clean and then threatens to report them to their GDPR enforcement authority for the data leak.
The hackers behind this attack have uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password. This number makes up 47% of Mongo’s databases. The hackers are using an automated script that scans for misconfigured MongoDB databases and wipes their data before demanding 0.015 bitcoin (~$140) as ransom.
The attackers give the victims only two days to make the payment; otherwise, they threaten to report them to the local General Data Protection Regulation (GDPR) enforcement authority for a data leak.
Security researcher Victor Gevers says that these notes have been seen as early as April 2020, but the initial attacks did not include data wiping. The attacker would keep connecting to the same database, leave the same ransom note, come back a few days later and leave another copy of the same ransom note.
Gevers, who reports compromised systems to companies as part of his duties, said that he noticed the wiped databases a few days ago and was scheduled to report them and get them secured.