in order to get the contents back. While this new campaign is using a name to identify itself, these types of attacks are not new and MongoDB databases have been targeted for a while now. These hijacks work by attackers scanning the Internet or using services such as Shodan.io to search for unprotected MongoDB servers. Once connected, the attackers may export the databases, delete them, and then create a ransom note explaining how to get the databases back. According to security researcher Bob Diachenko, who discovered the new Mongo Lock campaign, the attackers will connect to an unprotected database and delete it. In its place, the attackers will leave a new database called "Warning" with a collection inside it named "Readme". The Readme collection will contain a ransom note that explains that the database has been encrypted and that the victims need to pay them a ransom to get it back. In the Mongo Lock campaign, as shown below, the attackers do not leave a bitcoin address, but rather direct the victims to contact them via email. While the ransom note claims that the attackers are exporting the database first before deleting it, it is not known if they are doing that in every case.

Victims are paying ransoms

When looking up some of the bitcoin addresses used in recent MongoDB attacks, victims have been paying the ransoms. For example, the bitcoin address 3FAVraz3ovC1pz4frGRH6XXCuqPSWeh3UH, which has been used often, has had 3 ransom payments for a total of 1.8 bitcoins. This is equivalent to a little over $11,000 USD at the current value of bitcoins.
Google Play, the official market for Android apps, was caught hosting a ransomware app that infected at least one real-world handset, security researchers said Tuesday. The ransomware was dubbed Charger and was hidden inside an app called EnergyRescue, according to a blog post published by security firm Check Point Software. Once installed, Charger stole SMS contacts and prompted unsuspecting users to grant it all-powerful administrator rights. If users clicked OK, the malicious app locked the device and displayed the following message:

You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.

The app sought 0.2 Bitcoin, currently worth about $180. In an e-mail, Check Point researchers said the app was available in Google Play for four days and had only a "handful" of downloads. "We believe the attackers only wanted to test the waters and not spread it yet," the researchers told Ars. The infection was detected by Check Point's mobile malware software, which the company sells to businesses. Google officials have since removed the app and have thanked Check Point for raising awareness of the issue
Imagine turning on your smartphone to send a text and finding this threatening notice instead: "You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc. We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family." This is the message, word for word, found recently by Oren Koriat and Andrey Polkovnichenko, a pair of mobile cybersecurity analysts at Check Point, a security firm in California. The smartphone on which it appeared was an Android model that had been compromised by smartphone ransomware. Ransomware has become a ubiquitous threat to personal-computer users. Criminals remotely access a victim's computer and lock all the files using encryption software, offering to unlock the data in exchange for a payment. The first ransomware attack on a phone occurred in 2013, according to the Check Point researchers, but until now has been confined to small numbers of victims, primarily in Eastern Europe. Now, the company says, the threat has gained a toehold in the United States. Koriat and Polkovnichenko found the software, which they dubbed Charger, embedded in an app called Energy Rescue, which purports to make a phone battery last longer. "The infected app steals contacts and SMS messages from the user's device and asks for admin permissions," the company said in a statement.
"If granted, the ransomware locks the device and displays a message demanding payment." The payment demanded was 0.2 bitcoin, or about $180 at the current exchange rate. (The phone was being used for business and didn't contain much personal data; the owner chose to replace the phone rather than pay.) The most disturbing part of the attack might be that the app was downloaded from the Google Play store. Android phones can use apps from other sources, but security experts usually recommend that users stick to the Play store to take advantage of the processes Google uses to check the software for safety. "The main issue here is the fact that such a severe threat managed to penetrate Google's security and enter Google Play, Google's official app store," says Daniel Padon, another member of Check Point's research team. "Most malware that manages to enter Google Play has only slim malicious traits, while Charger is about as malicious as can be. As mobile ransomware try to keep the pace with their cousins in the PC world, we are likely to see more efforts of this sort, endangering users around the world." Padon added that this malware was particularly sophisticated, using a number of innovative tactics to evade detection by Google. Google commended the security firm for catching the Charger threat so early. "We appreciate Check Point's efforts to raise awareness about this issue," a Google spokesperson says. "We've taken the appropriate actions in Play and will continue to work closely with the research community to help keep Android users safe." Ransomware attacks on mobile phones are still relatively rare. One well-known case involved users of pornography apps in Eastern Europe who were targeted by ransomware called DataLust, Check Point says. In those cases, the ransom was set at 1,000 rubles, or about $15.
There's evidence that Charger, too, comes from Eastern Europe—beyond the clichéd bad grammar of the ransom note. "This is likely done to keep the developers from being prosecuted in their own countries or being extradited between countries." Ransomware attacks are joining a growing list of threats to mobile phone securit
Researchers say a piece of ransomware disguised as a battery app made its way into the Play store. Check Point says one of its customers contracted the malware app, dubbed "Charger," after installing what they thought was a battery monitoring tool called EnergyRescue. Researchers with Check Point Mobile Threat Prevention say the malware activates when EnergyRescue runs, and requires admin access to the device. Once that permission is granted, the malware checks for location (it does not attack phones in the Ukraine, Belarus, or Russia), then swipes all user contacts and SMS messages and locks down the device. From there, the user is told that they must pay to deactivate the ransomware or they will have their full details spaffed out for various nefarious activities, including bank fraud and spam. "You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes," the ransomware tells users. Not ones to be unprofessional, the Charger operators attempt to reassure their victims by offering a "100% guarantee" that once the 0.2 Bitcoin ransom (currently around $183) is paid, all the collected information will be deleted and the device unlocked. "The ransom demand for 0.2 Bitcoins is a much higher ransom demand than has been seen in mobile ransomware so far," note Check Point mobile security analysts Oren Koriat and Andrey Polkovnichenko. "By comparison, the DataLust ransomware demanded merely $15." Check Point says that thus far it has not spotted any payments being registered to the Bitcoin address used for the ransom collection, so it is unclear how much, if anything, has been made from this operation.