the database's content and replacing all tables with one named WARNING, which contained a ransom note asking the owners of the hacked database to pay 0.2 Bitcoin (~$200) into a Bitcoin wallet. At the time of our article, Harak1r1 had hijacked just over 1,800 MongoDB databases, and 11 victims had paid the ransom in order to recover their files. As time went by, Harak1r1 hijacked more databases, reaching at one point over 3,500 MongoDB instances, and currently peaking at over 8,500. Among them, the hacker(s) even claimed a high-profile victim in Emory Healthcare, a US-based healthcare organization. According to the MacKeeper Security Research Team, Harak1r1 had ransacked and blocked Emory's access to more than 200,000 medical records. Attacks from Harak1r1 went on for two more days, but as worldwide infosec media started covering the topic, two copycats appeared and started doing the same. The second group goes by the name of 0wn3d, and they work by replacing the hijacked database tables with a table named WARNING_ALERT. According to Victor Gevers, the researcher who initially discovered the first hacked MongoDBs around Christmas, this second group has hijacked just over 930 databases. Unlike Harak1r1, this second group is a little bit more greedy and asks for 0.5 Bitcoin, which is around $500, but this hasn't stopped companies from paying, with 0wn3d's Bitcoin wallet showing that at least three victims had paid his ransom demands. A day later, the same Gevers came across a third actor, using the name 0704341626asdf, which appears to have hit over 740 MongoDB servers. This hacker/group is asking for 0.15 Bitcoin (~$150), and he's using a lengthier ransom note, in which he admonishes victims for leaving their DB open over the Internet.
Furthermore, this threat actor appears to be more strict with victims and gives database owners 72 hours to pay the ransom. According to Gevers, the lines that allowed him to track the activity of these three groups are slowly blurring, as these groups started using more varied messages and different Bitcoin addresses. Additionally, in newer variations of these attacks, the hackers don't appear to bother copying the hacked database. In recent attacks, Gevers says that crooks just delete the DB's content, ask for a ransom regardless, and hope nobody checks the logs and discovers what they've done. There is no evidence that they actually copied your database. According to Gevers, these groups are now fighting over the same turf, with many of them rewriting each other's ransom notes. This leads to cases where database owners pay the ransom to the wrong group, who can't give their content back. "It's catching on and it looks more players are coming to the game.
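
The log check Gevers alludes to, sketched as an added example that is not part of the original article: for each dropped database it reports how many documents the dropping connection had been returned beforehand and whether a WARNING or WARNING_ALERT collection was written afterwards. The sample lines are constructed and modeled on mongod 3.x plain-text logs, which is an assumed format; the addresses and database names are invented.

```python
import re
from collections import defaultdict

# Constructed sample, modeled on mongod 3.x plain-text log lines (assumed format).
SAMPLE_LOG = """\
2017-01-05T03:10:01.100+0000 I NETWORK  [initandlisten] connection accepted from 203.0.113.7:50122 #41 (1 connection now open)
2017-01-05T03:10:02.300+0000 I COMMAND  [conn41] command shop.orders command: find { find: "orders" } docsExamined:52000 nreturned:52000 reslen:16777000 410ms
2017-01-05T03:10:09.900+0000 I COMMAND  [conn41] dropDatabase shop starting
2017-01-05T04:22:40.000+0000 I NETWORK  [initandlisten] connection accepted from 198.51.100.9:40400 #57 (1 connection now open)
2017-01-05T04:22:41.500+0000 I COMMAND  [conn57] dropDatabase crm starting
2017-01-05T04:22:42.000+0000 I COMMAND  [conn57] command crm.WARNING command: insert { insert: "WARNING" } ninserted:1 3ms
"""

ACCEPT = re.compile(r"connection accepted from (\S+?):\d+ #(\d+)")
CONN = re.compile(r"\[conn(\d+)\] (.*)")
DROP = re.compile(r"dropDatabase (\S+)")
READ = re.compile(r"command (\S+?)\.\S+ command: (?:find|getMore|aggregate)\b.*nreturned:(\d+)")
NOTE = re.compile(r"command (\S+?)\.(WARNING(?:_ALERT)?) command: insert\b")

def triage(log_text):
    """Return one finding per dropDatabase seen in the log."""
    peers = {}                     # connection id -> remote address
    returned = defaultdict(int)    # (connection id, db) -> documents returned
    findings = []
    for line in log_text.splitlines():
        accepted = ACCEPT.search(line)
        if accepted:
            peers[accepted.group(2)] = accepted.group(1)
            continue
        op = CONN.search(line)
        if not op:
            continue
        conn, body = op.groups()
        read, drop, note = READ.match(body), DROP.match(body), NOTE.match(body)
        if read:
            returned[(conn, read.group(1))] += int(read.group(2))
        elif drop:
            db = drop.group(1)
            findings.append({"db": db, "peer": peers.get(conn, "unknown"),
                             "docs_returned_before_drop": returned[(conn, db)],
                             "note_collection": None})
        elif note:
            for f in findings:     # attach the note to the drop it followed
                if f["db"] == note.group(1):
                    f["note_collection"] = note.group(2)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

By default mongod logs only operations slower than its slow-operation threshold, so a count of zero means the log holds no evidence of a copy, not proof that none took place.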
The malware asks for 222 Bitcoin but will not honor promises to decrypt files after payment is made. The cost of ransomware reached close to $1 billion in 2016, and it's not hard to see why. The malware family, which targets everything from Windows to Mac machines, executes procedures to encrypt files and disks before demanding a ransom payment in return for keys to decrypt and unlock compromised machines. However, it is not only the general public which is being targeted, with everything from hospitals to schools and businesses now in the firing line. As the prospect of losing valuable content on computer systems or facing widespread disruption to business operations is often too much to bear, many will simply give up and give in, paying the fee and unfortunately contributing to the cybercriminal's operations. However, paying up does not guarantee that victims will get their files back, no matter how low or high the payment demand. This week, ESET researchers discovered that a Linux variant of KillDisk, linked to attacks against core infrastructure system in Ukraine in 2015, is now being used against fresh Ukrainian financial targets. The ransomware demands a huge amount of money, but there is no underwritten protocol for decryption keys to be released once payment is made. Distributed through phishing campaigns targeting both Windows and Linux, once downloaded, the ransomware throws up a holding page referring to the Mr. Robot television show while files are being encrypted, the research team said in a blog post. Unsurprisingly, no-one has paid up yet, nor should they, ever. "This new variant renders Linux machines unbootable, after encrypting files and requesting a large ransom," ESET says. "But even if victims do reach deep into their pockets, the probability that the attackers will decrypt the files is small."
Files are encrypted using Triple-DES applied to 4096-byte file blocks and each file is encrypted using different sets of 64-bit encryption keys. However, the ransomware does not store encryption keys either locally or through a command-and-control (C&C) server, which means that affected systems after reboot are unbootable, and paying the ransom is pointless. "It is important to note -- that paying the ransom demanded for the recovery of encrypted files is a waste of time and money," the team said. "Let us emphasize that -- the cyber criminals behind this KillDisk variant cannot supply their victims with the decryption keys to recover their files, despite those victims paying the extremely large sum demanded by this ransomware." There is a weakness in the encryption used by the ransomware, which makes recovery possible -- at least when it comes to Linux infections. Earlier this week, researchers at Check Point revealed the latest exploits of the GoldenEye ransomware, a strain of malware which is targeting German HR companies. The malware is contained in phishing emails which appear to be from job applicants, and once downloaded and installed, demands $1000 in Bitcoin to unlock infected systems