Mongo Lock Attack Ransoming Deleted MongoDB Databases

More from: | Bleeping Computer |

An attack called Mongo Lock is targeting remotely accessible and unprotected MongoDB databases, wiping them, and then demanding a ransom in order to get the contents back. 

While this new campaign is using a name to identify itself, these types of attacks are not new and MongoDB databases have been targeted for a while now. These hijacks work by attackers scanning the Internet or using services such as to search for unprotected MongoDB servers. Once connected, the attackers may export the databases, delete them, and then create a ransom note explaining how to get the databases back.

According to security researcher Bob Diachenko who discovered the new Mongo Lock campaign, the attackers will connect to an unprotected database and delete it. In


Read full article »

About | Bleeping Computer |

Bleeping Computer® is a technical support site and a self-education tool for the novice user to learn basic concepts about Computer Technology. Our focus is to allow the novice computer user to be able to have a place that they can come and discuss computer/technology problems with their peers and at the same time have a rich resource in which to learn the "basics" about computers and technology.

We have found, with our extensive experience in helping users, whether they be family, friends, coworkers, or clients, that most technical support problems lie not with the computer, but with the fact that the user does not know the "basic concepts" that underlie all issues of computing. These concepts include hardware, files and folders, operating systems, Internet, and applications.

»Twitter: @BleepinComputer »Facebook: @BleepingComputer »YouTube: BleepingComputer