Of late, MongoDB, the Database-as-a-Service provider grabbed the headlines for one of the biggest wrong reasons — ransomware attack or malware that installs surreptitiously on a user’s computer, locks the system or locks the user’s files. Earlier last month, 27,000 databases came under attack when hackers compromised unsecured instances of MongoDB running openly on the internet. Reportedly, hackers wiped off over 680 terabytes of crucial data and demanded one bitcoin in return of the database. MongoDB ransomware attack brought into sharp focus the crimes in cyberspace and they cost to global economy. 

MongoDB Ransomware attack signals a red flag in privacy and security of data

Why MongoDB’s instances were held hostage? MongoDB’s unsecured instances were openly accessible on the internet and did not have any password-protected admin accounts. Lack of firewall to protect the databases and lack of security configurations made one of the most popular database management system a sitting target.  According to reports, there are 30,000+ MongoDB installations on the web that are available on the cloud. Extortion is the most extreme step taken by hackers, industry experts reportedly point out that databases can be compromised by hosting malware or hiding files.

The repercussions of the attack exposed data from several organizations. Here’s the total number of organizations exposed and the hackers involved in the malicious attempt.  But the ransacking didn’t stop there. According to news reports, 600+ unsecured Elasticsearch clusters were hit by ransomware. The servers hosted on Amazon Web services sent out an advisory to their customers. As per their blog, “No malware, or “ransomware” was used in the attacks and there was no data breach, still the incident represented a serious security concern,” read the blog entry.  The blog also listed down steps to “secure data in Internet-facing instance of Elasticsearch”.

When Analytics India Magazine contacted representatives at MongoDB, the major proponent of unstructured relational database, we got MongoDB’s “Suggested Steps To Diagnose and Respond to an Attack”. As per MongoDB’s guide, “MongoDB Cloud Manager and MongoDB Ops Manager provide continuous backup with point in time recovery wherein users can also enable alerts in Cloud Manager to detect if their deployment is internet exposed”.

Spike in Ransomware attacks

From Montana schools to smart TVs in Japan, there is a surge in cyber-targeting with news reports pointing cybercriminals notching up to a 1$ billion dollars in 2016 in phishing attacks. The year 2017 began with MongoDB’s ransomware attack, courtesy the misconfigured databases followed by Elasticsearch clusters being breached. Security experts pointed out vandalization of Hadoop installations. News reports say a potential attack could expose 8,000 HDFS installations. Though no data stored on HDFS installation was compromised, hackers left a calling card and the breach exposed the “access without authentication”.

As per a survey, ransomware attacks are expected to double in 2017. Cyber security is the number #1 concern of most organizations and according to the Osterman Research, nearly 50% of organizations came under ransomware attack in 2016. The most vulnerable sector proved to be financial followed by manufacturing, government and healthcare. Another key finding of the survey was that malware made its way through devices such as smartphone or tablet.

How are organizations beefing up in face of ransomware threats?

While end-to-end prevention of cyber threats is not possible, security experts note training staff and maintaining a full-proof IT infrastructure can serve as the best defense in protecting data.

Companies shore up defense to prevent cybercrimes:

• Last year, chip maker Intel, Europol (European law enforcement agency) and Kaspersky Lab (Russian cyber Security Company) joined hands to address the growing threat of ransomware.
• Cyber security vendors need to advance artificial intelligence and machine learning capabilities to effectively prevent cyber threats. From Android mobile OS to Windows OS and Apple Mac, ransomware has widened its net and sophisticated machine learning algorithms can check the threat at early stage.
• Dubbed as the “crime of the century”, the softest targets – big data databases managed from cloud should shore up authentication and provide recovery data option through a robust program.
• Redmond-headquartered IT giant Microsoft introduced ransomware protection in Windows 10 anniversary update earlier last year. Steps taken to ensure ransomware defense ranged from browser hardening to machine learning and a more robust Windows Defender.
• At an organizational level, robust infrastructure management, employee training and risk assessment should be undertaken to protect sensitive data.

Even though cyber-attacks cannot be entirely avoided, threats and breach of data can be minimized by following a robust data management policy. Security vendors will come into play in 2017.