
Ransomware attacks on MongoDB servers use GDPR to blackmail victims

(Image credit: WK1003Mike / Shutterstock)

Owners of compromised MongoDB databases are being threatened by cybercriminals who claim they will report the breach as a violation of GDPR, security experts say.

According to a report from Victor Gevers, the chairman of the non-profit GDI Foundation, hackers are scanning for unsecured MongoDB databases and then wiping the data.

As reported by Bleeping Computer, before wiping the servers, the hackers allegedly back up the data and then create a new entry entitled "Read Me To Recover Your Data".

The entry contains a ransom note, in which the attackers threaten to first leak the stolen data on the internet, and then report the owner to data protection watchdogs. To prevent that from happening and recover their stolen data, the owners are told to pay 0.015 bitcoin (approximately $135 at current prices).

However, Gevers believes the ransom request is nothing more than a means to separate the wheat from the chaff. There are thousands of unsecured MongoDB databases out there and not all contain valuable data. By requesting payment from as many victims as possible, criminals can easily learn which databases actually hold valuable data.

The report also states that payment does not necessarily mean the owners will get their data back. Instead, Gevers urges users to secure their databases and resist ransom demands.