Experts Discover a New Variant of MongoLock Ransomware

February 5, 2019, by Simeon Georgiev

MongoLock ransomware has been around since 2017, but it did not wreak much havoc at the time of its discovery. It sent ripples across the cyber landscape in September last year, however, when it affected several MongoDB databases.

A team of ransomware removal experts has recently discovered a new variant of MongoLock ransomware. As mentioned earlier, this cryptovirological strain is primarily devised to target MongoDB databases. So, it would be better to get a primer on MongoDB before delving into the details of the latest ‘trouble’ from MongoLock ransomware operators.

What is MongoDB?

MongoDB is a document-based database that provides exceptional flexibility and scalability to organizations that have to operate in a document-intensive environment. MongoDB databases can help all such organizations to streamline their operations.

MongoLock Targets MongoDB

MongoLock operators have played a great trick by tailoring their cryptovirological payload specifically for MongoDB databases. They infiltrate servers that host MongoDB databases and make encrypted copies of those databases on their own server before deleting them. A ransom note appears on the desktop of the affected device after the deletion.

The idea behind targeting MongoDB databases is to inflict downtime on organizations whose operations are largely dependent on documents. Many affected companies actually fall victim to this ploy. In order to prevent extended downtime, they agree to pay the attackers for ransomware removal.

According to the initial investigation, the operators of the new MongoLock variant are asking for 0.1 Bitcoin in exchange for the decryption key. The dollar amount of this ransom is approximately $344, according to the current exchange rate. The attackers ask the victims to send them emails with their IP addresses and the proof of payment to get the ransomware removal solution. The Bitcoin wallet address and ID of the attackers are given in the ransom note. MongoLock operators also threaten victims that they will delete the encrypted files after 24 hours have elapsed.

Extended downtime is, in fact, a major issue for organizations. It affects their customer service and also damages their reputation among peers. Both of these aftereffects can eventually lead to tangible losses. The implications of downtime make it more likely for the affected organizations to yield to the demands of ransomware operators.

By deploying professional ransomware removal services to neutralize the problem, you can get around the unpleasant prospect of an extortion payment. Moreover, establish a regular regimen of data backups. With a copy of important data at an offsite location, you won’t have to incur downtime following any cyber attack.

Ransomware removal experts are still trying to find the distribution method employed by the MongoLock operators. There are strong chances that they are either using phishing emails or RDP hacking to infiltrate MongoDB servers.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]
© 2020 MonsterCloud.com. All Rights Reserved.