Unknown Cybercrime Gang Holds Thousands of Databases For Ransom

Published at: July 2, 2020

Cross-platform database company, MongoDB, is the latest victim of a cybercriminal attack. This attack has infiltrated 22,900 unsecured databases by wiping their contents. The gang behind the attack has since requested Bitcoin (BTC) payments in exchange for a backup of the data.

According to WeLiveSecurity from the cybersecurity firm ESET, if the ransom isn't paid in two days, the hacker, or a gang of cybercriminals, threatened to notify authorities in charge of enforcing European Union's General Data Protection Regulation, or GDPR.

A report published by ZDNet explains that the number of databases compromised in the “Wiping & Ransom” attack account for almost 47% of all the MongoDB's databases.

Over $3.2 million in total demanded by the hackers

The hackers used an automated script to scan each database, and left a ransom note demanding 0.015 BTC, or around $140, for each one. The hackers also included a guide which explains to victims how they can purchase the required Bitcoin.

Victor Gevers, a security researcher at the GDI Foundation, said:

"The first few attacks lacked the data-wiping feature. Once the miscreant realized the mistake in their script, they amended it and started wiping the MongoDB databases. Instances of attacks using this particular ransom note have been recorded all the way back to April of this year."

In total, the hackers are seeking around $3.2M from MongoDB.

In June, ransomware group, REvil, launched a series of attacks that targeted three companies in the U.S. and Canada. They later leaked data from two of the companies and threatened to disclose sensitive data from the third.

Tags
Related Posts
Digital intelligence must overcome challenges to solving crypto crimes
While the value of cryptocurrencies has varied wildly in the last year, this has not diminished crypto’s attractiveness to criminals. Many of them are moving their illegal activities underground and outside the view of law enforcement. Because of the public nature of most blockchains, however, this rapid movement shouldn’t be a major concern to law enforcement agencies. With the right tools and training, following the proceeds of crypto-enabled crime is actually not as difficult as it may seem. However, intelligence agencies must have a cryptocurrency investigation plan that includes the right tools to lawfully collect digital evidence and the properly …
Technology / Aug. 20, 2021
Revealed: How North Korean hackers launder stolen crypto
British multinational security company BAE Systems and the Society for Worldwide Interbank Financial Telecommunication, or SWIFT, have published a report revealing how cybercriminals launder cryptocurrency. According to the study Follow the Money money laundering cases via crypto are still relatively small compared to the huge volumes of cash laundered through traditional methods like wire transfers. But there are some notable examples and the report goes in-depth into the money laundering methods employed by Lazarus Group, a well-known hacking gang sponsored by the North Korean regime. Lazarus typically steals the crypto funds from an exchange and then starts to pass transactions …
Technology / Sept. 4, 2020
Israeli Software Firm Goes Behind Regulator's Back to Pay $250,000 in BTC Ransom
An Israel-based company reportedly paid $250,000 in Bitcoin for a ransom payment demanded by hackers that threatened to shut down its systems after a ransomware attack. According to a source quoted by Calcalist on June 14, Sapiens International Corp. N.V. — a Nasdaq and Tel Aviv-listed software company — didn’t report the decision to the securities’ regulators of either the U.S. or Israel. The ransomware attack happened at some point between March and April, when the COVID-19 outbreak exploded across the globe, forcing most of the company’s employees to switch to remote work. A suspected security breach during the early …
Technology / June 15, 2020
Report: Ransom Costs for Stolen Data Rose 200% From 2018 to 2019
On average, the ransom demanded by cryptocurrency ransomware hackers increased by 200% from 2018 to 2019. According to a report published on June 5 by cybersecurity firm Crypsis Group, the average ransom demanded by cryptocurrency ransomware groups in 2019 reached $115,123. The median ransom, on the other hand, increased by 300% from 2018’s first quarter to the last quarter to 2019, reaching over $21,700. According to Crypsis Group, ransoms have grown as hackers increasingly target enterprises and select victims who are able to pay higher sums. Just yesterday, Cointelegraph reported that ST Engineering Aerospace’s United States subsidiary fell victim to …
Technology / June 8, 2020
Expert Warns: Don’t Trust Ransomware Groups Amid Pandemic
A cybersecurity expert explained why he is convinced that the promises made by ransomware groups amid the pandemic are irrelevant. Brett Callow — threat analyst at cybersecurity firm Emsisoft — told Cointelegraph that multiple ransomware groups recently made promises to halt their activity against medical organizations amid the coronavirus pandemic. Still, he believes that those promises are irrelevant: “The claims of a ceasefire made by ransomware groups are irrelevant [and] should be completely disregarded. Would you leave your front door unlocked simply because the local burglars had pinky-promised not to rob you? Probably not. The story of the frog and …
Blockchain / April 16, 2020