Security researcher Victor Gevers, co-founder of the GDI Foundation, a non-profit dedicated to making the internet safer, is urging administrators to check their MongoDB installations, after finding nearly two hundred of them wiped and being held for ransom.
On Monday morning, Gevers said he’d discovered 196 instances of a MongoDB installation exposed to the public that’s been erased and held for ransom. UPDATE: The count reached nearly 2,000 databases as of 4:00 p.m.
The person behind the attacks is demanding 0.2 BTC ($202.89) as payment, and requiring system administrators email proof of ownership before the files are restored. Those without backups are left in a bind.