We ’ ve witnessed ransomware targeting Windows and Linux systems and Macs , Android devices , smart TVs , and even a ransomware scheme targeting iPhone users ( though not effected through malware ) . Initial targets of ransomware-wielding criminals were mostly individual users . Not long after , the crooks discovered that they could get greater sums from businesses and organizations whose critical data and systems they managed to encrypt and/or make unusable . So they began hitting hospitals and other healthcare institutions , universities and schools , police departments and transportation systems , and businesses of every kind . Such a lucrative business model is not going to be abandoned soon , and we are sure to witness its evolution . A group of researchers from Georgia Tech School of Electrical and Computer Engineering showed that it ’ s possible to craft ransomware aimed at compromising and fiddling with industrial control systems . The team demonstrated their own proof-of-concept ransomware targeting programmable logic controllers ( PLCs ) at RSA Conference 2017 on Monday , showing how a hacker might disrupt the regular functioning of a water treatment plant . They started their research into this attack possibility by identifying severs common PLCs in use at industrial facilities , then obtained three different devices for testing . They probed them for security issues such as weak authentication mechanisms and susceptibility to settings changes , and finally combined them with pumps , tubes and tanks to create a simulated water treatment facility . But “ recent attacks Attack.Ransom on hospitals have demonstrated how profitable ransomware can be when used to hold operationally critical assets hostage with the threat of human harm , and reports suggest attackers are beginning to shift their focus on ICS networks ” . I would imagine that the ransom demanded Attack.Ransom in these cases could be higher than anything seen so far , as the damages to the physical systems could be extensive and the potential for human harm is great . On the other hand , the risk for the attackers is also higher , as government agencies would surely get involved in tracking them down

This Monday , Bleeping Computer broke the news that a hacker/group identified as Harak1r1 was taking over MongoDB databases left connected to the Internet without a password on the admin account . The group was exporting Attack.Databreach the database 's content and replacing all tables with one named WARNING , that contained a ransom note , asking Attack.Ransom the owners of the hacked database to pay Attack.Ransom 0.2 Bitcoin ( ~ $ 200 ) into Bitcoin wallet . At the time of our article , Harak1r1 had hijacked just over 1,800 MongoDB databases , and 11 victims have paid the ransom Attack.Ransom in order to recover their files . As time went by , Harak1r1 hijacked more databases , reaching at one point over 3,500 MongoDB instances , and currently peaking at over 8,500 . Among them , the hacker ( s ) had even managed to make a high-profile victim , in Emory Healthcare , a US-based healthcare organization . According to the MacKeeper Security Research Team , Harak1r1 had ransacked Attack.Databreach and blocked Emory 's access to more than 200,000 medical records . Attacks from harak1r1 went on for two more days , but as worldwide infosec media started covering the topic , two copycats appeared and started doing the same . The second group goes by the name of 0wn3d , and they work by replacing the hijacked database tables with a table named WARNING_ALERT . According to Victor Gevers , the researcher who initially discovered the first hacked MongoDBs around Christmas , this second group has hijacked just over 930 databases . Unlike Harak1r1 , this second group is a little bit more greedy and asks for Attack.Ransom 0.5 Bitcoin , which is around $ 500 , but this has n't stopped companies from paying Attack.Ransom , with 0wn3d 's Bitcoin wallet showing that at least three victims had paid Attack.Ransom his ransom demands Attack.Ransom . A day later , the same Gevers came across a third actor , using the name 0704341626asdf , which appears to have hit over 740 MongoDB servers . This hacker/group is asking for Attack.Ransom 0.15 Bitcoin ( ~ $ 150 ) , and he 's using a lengthier ransom note , in which he admonishes victims for leaving their DB open over the Internet . Furthermore , this threat actor appears to be more strict with victims and gives database owners 72 hours to pay the ransom Attack.Ransom . According to Gerves , the lines that allowed him to track the activity of these three groups is slowly blurring , as these groups started using more varied messages and different Bitcoin addresses . Additionally , in newer variations of these attacks , the hackers do n't appear to bother copying the hacked database . In recent attacks Attack.Ransom , Gevers says that crooks just delete the DB 's content , ask for a ransom Attack.Ransom regardless , and hope nobody checks the logs and discovers what they 've done . There is no evidence that they actual copied your database . According to Gevers , these groups are now fighting over the same turf , with many of them rewriting each other 's ransom notes . This leads to cases where database owners pay the ransom Attack.Ransom to the wrong group , who ca n't give their content back . `` It 's catching on and it looks more players are coming to the game .