17 January 2017

Ransomware taken to the next level

Krebs on Security reports that paying the ransom to cybercriminals now does not ensure that the database will be restored:
Tens of thousands of personal and possibly proprietary databases that were left accessible to the public online have just been wiped from the Internet, replaced with ransom notes demanding payment for the return of the files. Adding insult to injury, it appears that virtually none of the victims who have paid the ransom have gotten their files back because multiple fraudsters are now wise to the extortion attempts and are competing to replace each other’s ransom notes.

At the eye of this developing data destruction maelstrom is an online database platform called MongoDB. Tens of thousands of organizations use MongoDB to store data, but it is easy to misconfigure and leave the database exposed online. If installed on a server with the default settings, for example, MongoDB allows anyone to browse the databases, download them, or even write over them and delete them...

Merrigan and Gevers are maintaining a public Google Drive document (read-only) that is tracking the various victims and ransom demands. Merrigan said it appears that at least 29,000 MongoDB databases that were previously published online are now erased. Worse, hardly anyone who’s paid the ransom demands has yet received their files back...

For now, Merrigan is advising victims not to pay the ransom. He encouraged those inclined to do so anyway to demand “proof of life” from the extortionists — i.e., request that they share one or two of the deleted files to prove that they can restore the entire cache.
What an unholy hell of a situation.


  1. The best and easiest defense against ransomware is good backups stored at a different location. Back up your data! If you're an IT professional and don't have good backups, shame on you.

    (I am an IT professional. I have failed on backups, to the tune of a $10,000 expert repair job on a failed RAID array. Shame on me. Guess what mistake I'm never making again.)

  2. I have now added yet another crime to my list of those crimes that deserve the death penalty. Consider if someone had written a novel--years of work, perhaps--and it is stolen/destroyed. The death penalty is almost too good for such criminals. Personally, I would never convict a person who took matters into his/her own hands and put them out of our misery.

    1. Seriously, chill. Under normal circumstances, it's just data and can be replaced. Sure, it's annoying and sometimes expensive, but that's the price you pay for not keeping your data secured and backed up. The hacking and locking up data in places like hospitals is another story entirely as lives are actually on the line and people could die because of it. In these cases only, I might be with you on the harsh sentencing.

      Oh, and on the topic of these "novels" that people love to moan on about: In my short time at Apple, I had over two dozen people scream and cry over their precious lost "novels" that they had spent years of their life on that were lost on a crashed hard drive and had no other copies of and they needed to get back at "any cost." That was, until they learned that the cost was $1,500 to hire a drive recovery service to get it back off the dead drive. Not a single one of them was even willing to take the number to get their "priceless" novel back, much less fork over the money for the service.

