MongoDB Ransom Attacks Hit 27000 Systems

MongoDB Ransom Attacks has hit 27,000 Systems in few hours from 12000 impacted servers .

Most of the mongoDB installations are exposed to exploites due to poor default access controls for super users .

Hackers are accessing  MongoDB databaases and then copy and delete data from database running in default, unsecure configuration. In return of data administrators are being asked to pay ransom money by bitcoins.

What Can mongoDB DBA’s Do ?

  1. Follow Frank Harding’s Quick Steps to Secure mongoDB

  2.  Securing your MongoDB server 
  3. Follow mongoDB Security Check List to review and secure your mongoDB installation and implement the security measures immidiately

    • Enable Access Control and Enforce Authentication
    • Configure Role-Based Access Control
    • Encrypt Communication
    • Encrypt and Protect Data
    • Limit Network Exposure
    • Audit System Activity
    • Run MongoDB with a Dedicated User
    • Run MongoDB with Secure Configuration Options
    • Request a Security Technical Implementation Guide (where applicable)
    • Consider Security Standards Compliance
    Follow this link for details of these steps : MongoDb Security Check List
  4. Follow the events and details on this issue by Victor Gevers on Twitter :
  5. Victor Gevers@0xDUDE 


This site uses Akismet to reduce spam. Learn how your comment data is processed.