Ransomware: MongoDB database owners under ransom attack

A lot of ransom attacks against MongoDB owners are currently running. The attacker pulls off the data and replaces some tables and fields with information on how to make contact. Worst of all, it seems that around 80% of the people don't have an actual backup of this exotic DB. Whoever thinks this will be safe in the cloud (Amazon AWS) without paying a large amount of additional money for protection or backup services gets a rude awakening.

As mentioned in earlier blog posts, we are just waiting until, in a first wave, the attackers take down all "SQL Express" databases such as those behind Backup Exec, Veeam and antivirus servers, and then, after some days or hours, empty the SQL servers. Tape loader manufacturers are happy. It's time to rethink your backup strategy.

https://de.wikipedia.org/wiki/MongoDB

The table gets replaced by a record like this sample:

{ "_id" : ObjectId("58727a840c6c83c222c"), "Info" : "Your DB is Backed up at our servers, to restore send 0.1 BTC to the Bitcoin Address then send an email with your server ip", "Bitcoin Address" : "1J5ADzFv1gx3fsUPUY1AWF9P6hiF", "Email" : "kraken0@india.com" }
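A defender-side check for the record shown above, as an added example that is not part of the original post: it parses mongo-shell document lines and flags small collections whose content looks like a ransom note (Bitcoin address, contact email, payment wording). The collection names, the two customer records, the thresholds and the function names are assumptions made for the illustration.

```python
import json
import re

# Legacy Base58 Bitcoin address (starts with 1 or 3); bech32 is not covered.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
KEYWORD_RE = re.compile(r"\b(btc|bitcoin|restore|backed up|send)\b", re.I)
# The mongo shell prints ObjectId("...") / ISODate("..."), which is not valid JSON.
SHELL_TYPE_RE = re.compile(r'\b(?:ObjectId|ISODate)\(\s*("[^"]*")\s*\)')

def parse_shell_doc(line):
    """Turn one mongo-shell document line into a dict."""
    return json.loads(SHELL_TYPE_RE.sub(r"\1", line))

def ransom_score(doc):
    """Count independent indicators (0-3) in the keys and string values."""
    text = " ".join(f"{k} {v}" for k, v in doc.items() if isinstance(v, str))
    return sum(bool(rx.search(text)) for rx in (BTC_RE, EMAIL_RE, KEYWORD_RE))

def suspicious_collections(dump, max_docs=3, min_score=2):
    """dump maps 'db.collection' -> list of shell-format lines (assumed layout)."""
    hits = []
    for name, lines in dump.items():
        if len(lines) > max_docs:
            continue  # a wiped collection holds little more than the note
        for line in lines:
            score = ransom_score(parse_shell_doc(line))
            if score >= min_score:
                hits.append((name, score))
    return hits

# Sample input: the first line is the ransom record quoted on this page; the
# collection names and the two customer records are constructed.
SAMPLE_DUMP = {
    "crm.WARNING": [
        '{ "_id" : ObjectId("58727a840c6c83c222c"), "Info" : "Your DB is Backed up '
        'at our servers, to restore send 0.1 BTC to the Bitcoin Address then send '
        'an email with your server ip", "Bitcoin Address" : '
        '"1J5ADzFv1gx3fsUPUY1AWF9P6hiF", "Email" : "kraken0@india.com" }',
    ],
    "crm.customers": [
        '{ "_id" : ObjectId("5871aa0000000000000000a1"), "name" : "Alice", "email" : "alice@example.com" }',
        '{ "_id" : ObjectId("5871aa0000000000000000a2"), "name" : "Bob", "email" : "bob@example.com" }',
    ],
}

if __name__ == "__main__":
    print(suspicious_collections(SAMPLE_DUMP))
```

A hit means the collection should be compared against the last known-good backup before anything else is done with it.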

 

https://docs.google.com/spreadsheets/d/1QonE9oeMOQHVh8heFIyeqrjfKEViL0poLnY8mAakKhM/edit#gid=0

https://forums.aws.amazon.com/thread.jspa?amp%3Btstart=0&messageID=760366