This article was published on January 19, 2017

    MongoDB Ransomware is being sold online

    Story by Matthew Hughes, Former TNW Reporter

    Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow him on Twitter.

    January has been a rough month for anyone that a.) uses the popular MongoDB database software, and b.) doesn’t really know how to secure it.

    A flurry of ransomware attacks has targeted the platform, taking advantage of installations that have the administrator account configured without a password.

    When we initially covered it, around 10,500 systems had been compromised. That number rather swiftly soared to almost 30,000, as the number of hacking groups targeting MongoDB increased exponentially.

    One of the groups that targeted MongoDB, called Kraken0, is now selling its exploit code, a move that all but guarantees an increase in the number of actors targeting the platform.

    Included in the package is malware for both MongoDB and Elastic Search, which has similarly been the target of ransomware attacks over the past month.

    Also thrown in is a list of 100,000 potentially vulnerable MongoDB IPs, 30,000 Elastic Search IPs, and a tool to scan the entire publicly-facing Internet for further vulnerable systems.

    A copy of the source code will set you back $500, payable in Bitcoin. If you’re not too concerned with making modifications to the code, you can get a binary for just $100.

    Turning the ransomware into a commodity means that anyone with enough cash can start targeting vulnerable databases. Now more than ever, it’s important for people using MongoDB and Elastic Search to learn how to secure their systems.

    We’ve reached out to MongoDB and Kraken0 for comment. If we hear back from them, we’ll update this piece.