There have been a lot of fears that attacks would intensify. However, this has been confirmed, on 9th January, as security experts said that the number of hijacked MongoDB databases was bound to increase from 10,000 to 28,000.
The hijacking of MongoDB databases started as an isolated incident on Monday has rapidly increased to an all-out destruction of thousands of MongoDB servers by the end of the week.
Two security researchers, Niall Merrigan and Victor Gerves have compiled statistics that have loosely monitored attacks, the hackers have now hit around 25% of all MongoDB databases, this is around 10,500 MongoDB servers that are accessible via the internet.
The hackers unleash attacks on all MongoDB databases that are left accessible via the internet and without administrator account password’s.
A hacker started accessing some of these open databases o the 20th of December from which he exported their content and replaced it with a ransom note.
Multiple groups have joined the initial hacker and as a result, the attacks have intensified over the last weekend. The number of groups has increased from three to eight.
Its unfortunate that most companies lost all their data, the situation has turned out to be very desperate for MongoDB owners as there very little signs of improvement. To make matters worse, multiple groups are re-hacking into the same servers and re-writing ransom notes thus making it hard to know which group downloaded the data and who should receive the ransom.
The majority of the groups are asking for small ransom fees that range from $150 to $500 which encourages the victims to pay. However, companies end up realizing that the group to whom they paid the ransom to was not the one in possession of the stolen data, they are thus forced to pay a second or third ransom to another group.
Merrigan and Gevers noted that some of these groups don’t even bother exporting the databases and making a copy of the original data, implying that some unlucky companies lost their data permanently.