MongoDB and Ransomware

Published Jan 5, 2017

Recent reports in the news of MongoDB databases being hacked are not new, but the ransoms demanded for the return of data are a new twist on an old problem – insecure MongoDB databases. Compose MongoDB users haven’t had to worry about the problem, but it is worth looking at what is going on and why it isn’t a worry for them.

We’ve talked about unsecured MongoDB in the past, but these recent attacks show the problem has not gone away even though MongoDB changed the “out-of-the-box” defaults on the database.

So what was the problem and how is it back? Simply put, people often create their own MongoDB instances in the cloud or on web-facing servers and don’t put any access controls on them.


Back in 2015, the out of the box default for MongoDB let anyone access it over the network with no passwords until a user was created for the system. Although initially convenient, it was too easy for people to forget to lock down the database. That insecurity was mitigated in MongoDB by ensuring that only connections from the machine the MongoDB instance was running on were accepted by default. But old versions and bad habits persist. What were 40,000 exposed databases on the internet has fallen to around 25,000 databases, but that’s still 25,000 opportunities for bad actors.

The problem for those bad actors wanting to exploit this issue was that the data involved on those attackable databases was usually only valuable to its owners. That’s led to this new “ransom” strategy where the data is deleted and replaced with a single record containing a demand for payment to get the data back. Some people have apparently paid too. Unfortunately for them, researchers have found there’s no record in the logs of any backup being taken. There are also multiple attackers who may be overwriting each other’s ransom notes that are left in the database.

The chances are, unless the owners of the databases made backups, that the data is lost and paying the bitcoin ransom will do nothing but mark the victim as someone prepared to pay a ransom. With at least 500 victims, this current spate of fake data-kidnappings still has a way to go.

Interestingly, the reports of vulnerable databases also include versions that appeared since the defaults were fixed on MongoDB. This does suggest that some users are using new database versions but relying on old tutorials offering bad practices for configuring their new MongoDB systems. Worse still, they could be knowingly dropping security measures to simplify making a database available.
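A configuration check for the exposure described above, added here as an example (it is not Compose's or MongoDB's own code): it reads a YAML-format `mongod.conf` and flags an instance that listens beyond loopback without authorization. The function names are hypothetical and both sample configurations are constructed.

```python
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Added example; parse_conf/audit are illustrative names, sample configs are constructed.
WEAK = """\
net:
  port: 27017
  bindIp: 0.0.0.0
"""
HARDENED = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
  ssl:
    mode: requireSSL
security:
  authorization: enabled
"""

def parse_conf(text):
    """Flatten mongod.conf's nested mappings into dotted keys (net.bindIp, ...)."""
    flat, stack = {}, []                      # stack: (indent, key) of open sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                       # leave sections we have dedented out of
        if value.strip():
            flat[".".join([k for _, k in stack] + [key])] = value.strip().strip("'\"")
        else:
            stack.append((indent, key))
    return flat

def audit(text):
    conf, findings = parse_conf(text), []
    bind = conf.get("net.bindIp")
    # Older mongod versions listen on every interface when bindIp is unset,
    # so a missing value is treated as exposed.
    exposed = (bind is None or conf.get("net.bindIpAll") == "true"
               or any(b.strip() not in LOOPBACK for b in bind.split(",")))
    auth = conf.get("security.authorization") == "enabled"
    tls = conf.get("net.tls.mode", conf.get("net.ssl.mode", "disabled"))
    if exposed and not auth:
        findings.append("CRITICAL: reachable from the network with no access control")
    elif not auth:
        findings.append("WARN: authorization disabled (loopback only)")
    if exposed and tls not in ("requireTLS", "requireSSL"):
        findings.append("WARN: remote connections are not required to use TLS")
    return findings
```

`audit(WEAK)` returns the critical finding plus the TLS warning, while `audit(HARDENED)` returns an empty list.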

Compose MongoDB users have not had to worry about this problem: when we deploy one of our production-ready MongoDB database deployments for you, it’s automatically secured with a locked down administration user. If you administer a Compose MongoDB deployment you have to create users through the Compose console to enable database access. This does mean a little more to do when setting up your database deployment at Compose, but it also means people can’t walk in and delete your data. That’s a trade-off that is simply best practice.

Then there’s the fully automated backup system, which takes regular backups that are preserved for three months, so even if an authorized user does delete data, there’s a backup you can go back to. Better still, you can even restore your backups into a completely new database – it’s the default actually – so you can verify them or use them for staging tests. The current Compose MongoDB platform also turns SSL/TLS on by default so you can have encrypted connections to the database for in-flight credentials and data security.

The current spate of MongoDB attacks is unfortunate, but also avoidable. Whenever you put a database on the web, make sure you secure it or create it with someone who can keep it secure for you.

If you have any feedback about this or any other Compose article, drop the Compose Articles team a line at articles@compose.com. We’re happy to hear from you.

Dj Walker-Morgan is Compose’s resident Content Curator, and has been both a developer and writer since Apples came in II flavors and Commodores had Pets.
