This ransomware steals your data and threatens to report you for a GDPR violation

Cybercriminals have figured out how to weaponize GDPR


Cybercriminals are once again targeting unsecured MongoDB databases, but this time they are threatening to report the owners of those databases for GDPR violations if their ransom demands are not met.

As reported by ZDNet, the hacker behind this new campaign has uploaded ransom notes on 22,900 MongoDB databases that were left exposed online without a password. They are using an automated script to scan for misconfigured MongoDB databases, wiping them and then demanding that a ransom of 0.015 bitcoin or around $140 be paid.

The campaign was first discovered by security researcher Victor Gevers at the Dutch Institute for Vulnerability Disclosure back in April.

After leaving the ransom note, the attacker gives victims two days to pay before they contact a victim’s local GDPR enforcement authority to report the data leak they caused in the first place.

GDPR violations

Once the attacker gains access to a victim’s MongoDB server, they wipe the databases it contains and create a new database called “READ_ME_TO_RECOVER_YOUR_DATA”.

Inside the new database, there is a collection named “README” containing a ransom note, which explains that the victim’s data has been “backed up” and that they must pay $140 to recover it. The note reads:

“After 48 hours expiration we will leaked and exposed all your data. In case of refusal to pay, we will contact the General Data Protection Regulation, GDPR and notify them that you store user data in an open form and is not safe. Under the rules of the law, you face a heavy fine or arrest and your base dump will be dropped from our server!”


Based on preliminary analysis conducted by Gevers, he believes that the data was actually not backed up before the database was wiped.

While cybercriminals have targeted unsecured database servers in the past, this is the first time that they’ve used the threat of a GDPR violation against their victims to ensure that their ransom is paid.
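For administrators checking their own servers, the two conditions described above (a server reachable without a password, and the “READ_ME_TO_RECOVER_YOUR_DATA” database with its “README” collection) can be tested as in the following added example, which is not code from the article or from the researchers. The function names, the sample config and the sample database listing are constructed for illustration; `security.authorization`, `net.bindIp` and `net.bindIpAll` are standard `mongod.conf` settings.

```python
RANSOM_DB = "READ_ME_TO_RECOVER_YOUR_DATA"  # database name quoted in the article
RANSOM_COLLECTION = "README"                # collection name quoted in the article
SYSTEM_DBS = {"admin", "config", "local"}   # MongoDB's built-in databases

def parse_mongod_conf(text):
    """Parse the two-level 'section: / key: value' YAML subset of mongod.conf."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        if line[0] not in " \t":               # top-level section header
            section = key
            conf[section] = {}
        elif section is not None:              # indented key under current section
            conf[section][key] = value
    return conf

def audit_exposure(conf):
    """Return findings for the 'exposed online without a password' condition."""
    findings = []
    if conf.get("security", {}).get("authorization") != "enabled":
        findings.append("authorization is not enabled")
    net = conf.get("net", {})
    addrs = {a.strip() for a in net.get("bindIp", "").split(",")}
    if net.get("bindIpAll") == "true" or addrs & {"0.0.0.0", "::"}:
        findings.append("listens on all interfaces")
    return findings

def check_listing(listing):
    """listing maps database name -> collection names (as a driver would list them)."""
    note = RANSOM_COLLECTION in listing.get(RANSOM_DB, [])
    user_dbs = sorted(set(listing) - SYSTEM_DBS - {RANSOM_DB})
    return {"ransom_note": note, "wiped": note and not user_dbs, "user_dbs": user_dbs}

# Constructed sample inputs, not taken from any real host.
SAMPLE_CONF = """\
net:
  bindIp: 0.0.0.0   # reachable from any network
# security:
#   authorization: enabled
"""
SAMPLE_LISTING = {"admin": [], "config": [], "local": ["startup_log"],
                  "READ_ME_TO_RECOVER_YOUR_DATA": ["README"]}

if __name__ == "__main__":
    print(audit_exposure(parse_mongod_conf(SAMPLE_CONF)), check_listing(SAMPLE_LISTING))
```
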

Via BleepingComputer

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
