Organizations use them regardless of their size ; from MetLife , LinkedIn , City of Chicago , Expedia , BuzzFeed to KMPG and The Guardian there are several other high-profile platforms that are currently taking advantage of MongoDB . At the same time , having a high-profile customer doesn ’ t mean that platform is completely secure . That ’ s why in 2016 , in two different incidents Attack.Databreach , hackers leaked Attack.Databreach more than 36 million and 58 million accounts respectively from unsecured MongoDB . More : LG Smart TV Screen Bricked After Android Ransomware Infection Now , unsecured MongoDB databases are being hijacked by a hacker , who is not only wiping out these databases but also storing copies of them and asking for a ransom Attack.Ransom of 0.2 bitcoins ( roughly US $ 211 ) from admins in exchange of the lost data . Those admins who haven ’ t created backups of these databases are seriously helpless because the rate of Bitcoin is also increasing and the latest rate is 1 Bitcoin = USD1063.93 . The hacking campaign was discovered by security researcher Victor Gevers , co-founder of GDI Foundation , a non-profit organization . Gevers notified owners about the presence of vulnerable , non-password-protected MongoDB databases and also informed that around 200 of these installations have been wiped out by the hacker . Gevers believes that the hacker ( s ) might be utilizing an automation tool but they manually select their target databases . Hacker seems to be interested in databases that contain important information/data or he chooses companies that are most likely in a position to pay the ransom Attack.Ransom to get their data back . In a conversation with SecurityWeek , Gevers said that “ They use some sort of automation tool , but they also do some of the work manually . If they used a fully automated tool , we might have seen all exposed MongoDB databases being hijacked in one swift move ” . But that was old news ; as per recent tweet by Shodan founder John Matherly , approx . It must be noted that Shodan is the platform where a majority of MongoDB instances can be located . As of now , 16 admins/organizations have already paid the ransom Attack.Ransom to obtain the lost data . The attacks Attack.Ransom on MongoDB databases have been going on for more than a week and servers from across the globe have been targeted . Researchers believe that the attacker , who uses the alias “ harak1r1 ” does not encrypt the stolen data but runs a script , which replaces the database content with the ransom note .

The hackers could then lock these computers up and demand a ransom Attack.Ransom or else cause a blackout or poison the city 's water . While that 's a scary scenario , it fortunately has n't happened—yet . But a group of researchers from the Georgia Institute of Technology warn that could change very soon , and to prove it they have developed and tested in their lab a working proof of concept ransomware that specifically targets three types of PLCs . In their scenario , a group of cybercriminals targets PLCs that are exposed online and infects them with custom malware designed to reprogram the tiny computer with a new password , locking out the legitimate owners . The hackers then alert the owner , asking for a ransom Attack.Ransom . `` Ransomware '' is a specific type of malicious software that infects computers and locks or encrypts their content , demanding a ransom Attack.Ransom to return the machines to their original state . It 's been extremely popular in the last couple of years , and is often successful because it 's usually easier for victims to pay the ransom Attack.Ransom than try to decrypt the files on their own . Initially , ransomware targeted regular internet users indiscriminately , but there have already been cases of attacks against hospitals , hotels and other businesses . ( And there will soon be attacks on Internet of Things too ) Thus , the researchers argue , it 's inevitable that criminals will soon target critical infrastructure directly . Beyah and his colleagues David Formby and Srikar Durbha searched the internet for the two models of PLCs that they attacked in the lab and found more 1,500 that were exposed online . With their research , Beyah said , the three hope that industrial control systems administrators will start adopting common security practices such as changing the PLCs default passwords , putting them behind a firewall , and scanning the networks for potential intruders . If they do n't , they might find their systems locked , and the consequence could spill into the physical world .