Catalin Cimpanu reports:
A hacker has uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password, a number that accounts for roughly 47% of all MongoDB databases accessible online, ZDNet has learned today.
The hacker is using an automated script to scan for misconfigured MongoDB databases, wiping their content, and leaving a ransom note behind asking for a 0.015 bitcoin (~$140) payment.
Read more on ZDNet. Of course the attacker hasn’t really stored the data. That would be costly. They’re just hoping desperate people will send them a payment in the hopes of getting their data back.
I remember when we first started seeing this problem back in 2016 and 2017. But why is it still happening despite periodic news coverage and reminders? Catalin provides an explanation, but it’s not a particularly satisfactory one. If a server admin wants to correctly configure a MongoDB, they should consult the MongoDB Security page.