Three sets of hackers were hard at work over the Labor Day weekend using ransomware to wipe about 26,000 MongoDB databases.
A “MongoDB ransacking” spreadsheet created by researchers Dylan Katz and Victor Gevers – the latter of whom along with Niall Merrigan discovered an earlier deluge of attacks – showed a single group that uses “firstname.lastname@example.org” is responsible for 22,000 of the accounts hacked, ZDnet reported.
“We have your data. Your database is backed up to our servers,” the message to victims read. “If you want to restore it, then send 0.15 BTC and text me to email, just send your IP-address and payment info. Messages without payment info will be ignored.”
The group responsible for ransacking 3,500 databases sent victims a similar message. “If you want to recover your data, then send 0.05 BTC to bitcoin-address and send your IP to our email. You don’t want that your users/customers to know that you have a data leak, right?” ZDnet reported the group, which uses the email address “email@example.com” as saying.