Sometimes the work of the pirates is really too easy. According to Zdnet, someone erased about 23,000 MongoDB databases that were freely available on the Internet. The data has been replaced by a rather original ransom message, in which the hacker claims 0.015 bitcoin (or around 121 euros) for their restitution.
If the victim does not comply after 48 hours, his data would be published online. The hacker also threatens to report the victim to the competent personal data protection body. For French victims, this would therefore be the CNIL.
The figure of 23,000 comes from BinaryEdge, a search engine dedicated to connected objects. On Shodan, a similar tool, only 15,000 erased databases are listed, mainly in China and the United States. In France, more than 400 MongoDB databases have been destroyed.
The whistleblowing is a new development in this kind of business, even it may be a bluff. The price of the ransom is relatively low, probably to encourage victims to get their hands on the wallet. But this small sum could also be a test ball. If the victim is ready to pay, it will prove that the data has some value and the hacker could ask for an extension.
Either way, it’s unfortunate to see how poorly secure companies are in their data. Hopefully this will serve as a lesson for them.