Bad Actors Target MongoDB Databases, Threatening to Contact GDPR Legislators Unless Ransom is Paid

Bad actors are targeting unsecured MongoDB servers, wiping their database and leaving ransom notes outlining threats to leak the stolen information and report owners for GDPR violations.

According to Victor Gevers, the chairman of the international non-profit organizations GDI Foundation, hackers are actively scanning the Internet for unsecured and vulnerable MongoDB servers.

More than 22,000 ransom notes have been uploaded to exposed MongoDB databases, accounting for nearly 47% of all MongoDB NoSQL databases that are accessible online.

This type of attack has been observed since April 2020. After cyber criminals infiltrate and steal the data, they leave a “READ_ME_TO_RECOVER_YOUR_DATA” ransom note:

“All your data is a backed up. You must pay 0.015 BTC to [redacted] 48 hours for recover it. After 48 hours expiration we will leaked and exposed all your data. In case of refusal to pay, we will contact the General Data Protection Regulation, GDPR and notify them that you store user data in an open form and is not safe. Under the rules of the law, you face a heavy fine or arrest and your base dump will be dropped from our server! You can buy bitcoin here, does not take much time to buy https://localbitcoins.com with this guide https://localbitcoins.com/guides/how-to-buy-bitcoins After paying write to me in the mail with your DB IP: [redacted]”

Gervers also noted that Shodan, the IoT search engine, has listed more than 15,000 affected MongoDB databases, while Binary Edge filed around 23,000.

Cyber criminals have been capitalizing on unsecure databases for years. However, this series of targeted attacks brings a new feature – threats related to GDPR legislation. Victims who refuse the pay 0.015 BTC (around 140 US dollars) will be reported to GDPR authorities, and possibly face a larger fine.

“The trick is if you pay, then you want your data back and no GDPR trouble,” Gerver added. “So this means you are willing to pay even more when they extort for more? People pay for real valuable data. So this way, they figure out what has value, I guess.”