There are very few New Year’s resolutions that carry more weight than deciding to pay more attention to system security. If you’ve been noticing the recent news regarding MongoDB databases being held for ransom, you may also be wondering how we’re going to collectively get beyond this kind of problem. Learning that tens of thousands of MongoDB database have been compromised and held hostage by ransomware is both startling and worrisome. Recent posts have highlighted the scale of the problem: Ransomware groups have deleted over 10,000 MongoDB databases And the number has since grown to more than 30,000. Over 680TB of data exposed in MongoDB databases That’s a lot of data — and that was nearly a month ago. What is MongoDB? MongoDB is a free (no cost) and open-source database system, but not your everyday “select rows where column equals value” kind of database. That’s SQL. MongoDB is, instead, a document-oriented (rather than a table-oriented) database and it runs on a range of platforms including Red Hat, SUSE, Amazon Linux, Ubuntu, and Debian – as well as Windows systems. Classified as a “NoSQL” database, it uses JSON-like documents to store information and is claimed to be much faster than schema-oriented databases. MongoDB usage is also very fast growing with millions of downloads and, presumably, nearly as many installations. The how and why of the attacks boil down to the databases being easy to target and, by default, easy to hack (i.e., not enforcing authentication). Easy to detect As it turns out, you can use Shodan to search for installations of MongoDB. Shodan — a search engine that allows you to locate specific types of computers and systems — uses the meta-data that servers send back to clients routinely. Check it out at www.shodan.io. Set up an account and use product:MongoDB as your query and you’ll be able to get some information on the detected installations. The search results provide some information on the detected installations, including the version and whether authentication has been enabled. The problems that recently led to the tens of thousands of MongoDB databases being held for ransom appear to include old instances running on the cloud without proper security configurations. This information makes it fairly easy to target MongoDB databases, so it’s not surprising that the attackers were able to find their victims. I didn’t display the IP addresses, but they are available on Shodan for your viewing pleasure. MongoDB and security Suggestions for securing MongoDB are available at these URLs:: MongoDB Security Checklist The Register on how to secure MongoDB Don’t pay the ransom! If you are using MongoDB and your database is held ransom, security experts like Justin Farmer (creator of neo) suggest that you not pay the ransom. There are several reasons for this. For one, there’s no telling if the most recent ransom request was left by the individual who originally grabbed the db contents. They may have followed the same process, but not actually have your data. For another, even if they have your data, there’s no guarantee that you’ll get it back from them — even if you pay the ransom. And, lastly, supporting the hackers isn’t generally a good strategy since it obviously encourages them. Related content how-to How to find files on Linux There are many options you can use to find files on Linux, including searching by file name (or partial name), age, owner, group, size, type and inode number. By Sandra Henry Stocker Jun 24, 2024 8 mins Linux opinion Linux in your car: Red Hat’s milestone collaboration with exida With contributions from Red Hat and critical collaborators, the safety and security of automotive vehicles has reached a new level of reliability. By Sandra Henry Stocker Jun 17, 2024 5 mins Linux how-to How to print from the Linux command line: double-sided, landscape and more There's a lot more to printing from the Linux command line than the lp command. Check out some of the many available options. By Sandra Henry Stocker Jun 11, 2024 6 mins Linux how-to Converting between uppercase and lowercase on the Linux command line Converting text between uppercase and lowercase can be very tedious, especially when you want to avoid inadvertent misspellings. Fortunately, Linux provides a handful of commands that can make the job very easy. By Sandra Henry Stocker Jun 07, 2024 5 mins Linux PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe