After the ransacking of MongoDB, ElasticSearch, Hadoop, and CouchDB servers, attackers are now hijacking hundreds of MySQL databases, deleting their content, and leaving a ransom note behind asking for a 0.2 Bitcoin ($235) payment.
An unknown hacker is accessing public and unsecured Apache Cassandra databases and adding an extra table through which it warns server owners that their DB was left exposed to online attacks.
A group of at least two hackers has tried to extort a ransom payment from the Lloyds Banking Group according to a copy of an email the hackers sent to a high-ranking executive.
After days of wreaking havoc among MongoDB servers, a group of crooks has moved on to hijacking ElasticSearch servers and asking for similar ransoms.
Almost nine days after attacks on MongoDB servers have ramped up, the number of ransacked databases has reached 32,380 hosts, and the number of groups involved in these attacks has grown to 21, after initially just one group had been involved.
The Los Angeles Community College District (LACCD) agreed to pay a ransom demand of $28,000 to crooks who managed to infect the computer network of the Los Angeles Valley College (LAVC) with ransomware.
The number of hijacked MongoDB servers held for ransom has skyrocketed in the past two days from 10,500 to over 28,200, thanks in large part to the involvement of a professional ransomware group known as Kraken.
The "ActionFraud" UK National Fraud & Cyber Crime Reporting Center has issued an alert this week to UK educational institutes, warning against cyber-criminals cold-calling British schools and tricking staffers into installing ransomware on the school's computers.
What started as isolated incidents on Monday has transformed into an all out destruction of thousands of MongoDB servers by the end of the week.
MongoDB administrators are about to be tought a hard lesson in database management practices, as the number of hackers that are now involved with DB hijacking attempts has gone from one to three, and more are expected to join in the upcoming days.
An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing and replacing their content, and asking for a Bitcoin ransom to return the data.