Managed server hosting provider Future Hosting
has released a warning about ‘MongoDB Ransomware’. Southfield, Michigan-based Future Hosting offers a broad suite of hosting-related products and services. Alongside traditional hosting the company offers ‘Hybrid Virtual Private Servers’, Virtual Private Servers (VPS), and dedicated server options. Established in 2001, its services come with a ‘3-hour Service Level Agreement’. Future Hosting stays on top of potential cyber threats by regularly releasing warnings to the general public. Its current warning suggests MongoDB database users should “verify that their data is both protected by password authentication and cannot be accessed from the open internet”.
Developed by MongoDB Inc., MongoDB is a scalable and flexible open source document database. Recognized as a NoSQL database program, the powerful tool is available free of charge and offers robust querying and indexing functions. As an open source solution, it is open to scrutiny from hackers and those with malicious intent. Recent automated ransomware attacks have exploited incorrectly set security configurations and resulted in “deleted data from thousands of insecure MongoDB databases”. Future Hosting has asked users to “verify that their data is both protected by password authentication and cannot be accessed from the open internet”.
While “MongoDB is not inherently insecure” around 12,000 MongoDB databases were compromised in the latest series of attacks. Impacted data is simply copied and added to an attacker’s server, with the original data simply deleted from the user’s database. To date, around 275 million people have been impacted. Future Hosting further encourages those hosting clients on their servers to “familiarize themselves with MongoDB’s documentation, particularly the Security Checklist”.
“As a managed hosting provider, we host thousands of MongoDB databases on our servers,“ explained Future Hosting’s Vice President of Operations, Maulesh Patel. “Most are secure, but we’re concerned that many MongoDB users don’t understand the risk of storing sensitive data in a database that can be accessed by anyone.”Do you know of any other companies warning people about possible threats? Let us know the details. Add your comments below.