Why the MongoDB Ransomware Shouldn't Surprise Anyone


Recent reports have discovered MongoDB instances being targeted with ransomware. Current estimates at the time of this writing suggest that there have been over 28,000 unique cases of ransomware from multiple actors targeting hosts running MongoDB.

MongoDB, as well as many other NoSQL database solutions, have a track record of shipping with insecure default configuration settings including listening on all interfaces as well as providing read/write access without authentication. Insecure default settings as well as simple misconfigurations on the part of administrators expose the hosts to information theft.

This post on the Duo Blog by Jordan Wright aims to provide a bit of background on exposed MongoDB instances, as well as give some helpful tips and resources on securing a MongoDB deployment.