This article was published on January 19, 2017

MongoDB Ransomware is being sold online



January has been a rough month for anyone who a.) uses the popular MongoDB database software, and b.) doesn’t really know how to secure it.

A flurry of ransomware attacks has targeted the platform, taking advantage of installations that have the administrator account configured without a password.

When we initially covered it, around 10,500 systems had been compromised. That number rather swiftly soared to almost 30,000, as the number of hacking groups targeting MongoDB increased exponentially.

One of the groups that targeted MongoDB, called Kraken0, is now selling its exploit code, a move that all but guarantees an increase in the number of actors targeting the platform.

Included in the package is malware for both MongoDB and Elasticsearch, which has similarly been the target of ransomware attacks over the past month.

Also thrown in is a list of 100,000 potentially vulnerable MongoDB IPs, 30,000 Elasticsearch IPs, and a tool to scan the entire public-facing Internet for further vulnerable systems.

A copy of the source code will set you back $500, payable in Bitcoin. If you’re not too concerned with making modifications to the code, you can get a binary for just $100.

Turning the ransomware into a commodity means that anyone with enough cash can start targeting vulnerable databases. Now more than ever, it’s important for people using MongoDB and Elasticsearch to learn how to secure their systems.

We’ve reached out to MongoDB and Kraken0 for comment. If we hear back from them, we’ll update this piece.
