MongoDB ransom threats step up from blackmail to full-on wiping
2020-07-02 18:49

Presumably, the fact that the blackmail message was uploaded to your database - proving that the crooks had write access - is meant to convince you that the crooks definitely also had read access and therefore did indeed steal all your data.

One thing missing from the blackmail message above is the sort of pressure you'd expect in a ransomware attack, namely that you're paying to get your data back because the crooks have wiped or scrambled it.

The ransomware crooks have taken to stealing your data first anyway, and only then scrambling it in place, so they can put double pressure on you to pay up.

Now, the crooks warn you that even if you do have a backup of your own, they'll expose your data anyway, and what could have been just an internal ransomware incident will turn into a full-on external data breach incident.

Some cloud services are so easy to set up that your organisation may have online data held by servers you didn't even know about, using cloud accounts set up on someone's personal credit card "as a test".


News URL

https://nakedsecurity.sophos.com/2020/07/02/mongodb-ransom-threats-step-up-from-blackmail-to-full-on-wiping/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mongodb 21 2 49 14 1 66