The MongoDB “ransom” pandemic, which has been in the spotlight for the best part of a month, still appears to be affecting MongoDB installations and various campaigns still appear to be receiving payments. The latest payment for one of the campaigns has been as recent as the January 20, 2017. Figure 1 – Recent bitcoin […]
A number of extortion actors were detected accessing unauthenticated MongoDB installations and replacing their contents with a ransom note, usually containing an email and Bitcoin address and the usual “we have your data” message. The earliest activity we observed was from December 20, 2016 at which time there appeared to be only one actor conducting […]