News

Ransomware Unistellar destroyed 12 thousand databases in MongoDB

Independent Internet-security specialist Sanyam Jain discovered more than 12 thousand MongoDB databases that destroyed cybercriminals.

Attackers delete all notes from the storage and propose victim to contact them for information restoration. Experts link attacks with earlier unknown Unistellar band.

“First I noticed the attacks on April 24, when initially discovered a wiped MongoDB database which, instead of the huge quantities of leaked data I was used to finding, only contained the following note: “Restore ? Contact : unistellar@yandex.com”, — said Sanyam Jain.

Unistellar’s campaign began at the end of April this year and affected database with information about 257 million India citizens that was found in open access by security specialist Bob Diachenko. Researcher discovered unprotected storage that contained personal identification data, on April 23. Notes included names, phone numbers, emails and physical address details.

Specialist reported about his finding in Indian center of reactions on cyberthreats (CERT-In), however, database was available only until May 8, when Unistellar cybercriminals destroyed it.

Experts say that cybercriminals use automatized script that looks for unprotected MongoDB bases and erases information that they contain. Malware adds to free cells lines with the proposal to write on one of the emails for restoration.

Wiped MongoDB databases found

Analysts note that attackers create points for information restoration, though it is not clear if they create reserve copied of the destroyed bases. Tracing buyout is also not possible as cybercriminals do not publish numbers of digital wallets but only give victims in personal correspondence.

Diachenko discovered on the Internet about 150Gb of data, collected by Verifications[.]io marketing agency. Powered by MongoDB base contained more than 800 million emails, dates, names, phone numbers and other data about private persons and organizations. Later other researchers discovered two more storages that belonged to the company. By this, the volume of compromised data consisted 2 billion of records.

How to protect information.

These attacks can happen only because the MongoDB databases are remotely accessible and access to them is not properly secured. This means that the database owners can easily prevent such attacks by following fairly simple steps designed to properly secure their database instances.

MongoDB provides details on how to how to secure a MongoDB database by implementing proper authentication, access control, and encryption, and also offers a security checklist for administrators to follow.

Source: https://www.bleepingcomputer.com

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Pbmsoultions.com Pop-up Ads

About Pbmsoultions.com Pbmsoultions.com pop-ups can not launch out of the blue. If you have actually…

1 day ago

Remove Prizestash.com Pop-up Ads

About Prizestash.com Prizestash.com pop-ups can not expose out of the blue. If you have actually…

1 day ago

Remove Verifiedbreaking.com Pop-up Ads

About Verifiedbreaking.com Verifiedbreaking.com pop-ups can not launch out of nowhere. If you have actually clicked…

1 day ago

Remove Themoneyminutes.com Pop-up Ads

About Themoneyminutes.com Themoneyminutes.com pop-ups can not launch out of the blue. If you have actually…

1 day ago

Remove News-xcidizi.com Pop-up Ads

About News-xcidizi.com News-xcidizi.com pop-ups can not introduce out of nowhere. If you have clicked some…

1 day ago

Remove Everytraffic-flow.com Pop-up Ads

About Everytraffic-flow.com Everytraffic-flow.com pop-ups can not launch out of nowhere. If you have actually clicked…

1 day ago