Unidentified persons destroyed the NewsBlur RSS database

An unknown hacker erased the database of the popular RSS reader NewsBlur, and then demanded a ransom from the developers in exchange for access to the data.

Clay is confident that this incident allowed hacker to gain access to the server, erase its contents and leave a ransom note. Moreover, it took the attacker only three hours to discover an available MongoDB database that accidentally found itself on the network.

Let me remind you that just a few years ago, MongoDB hacks and ransom demands were a very popular tactic among cybercriminals. For example, by mid-2017, attackers had already compromised more than 45,000 databases, and at some point, in addition to MongoDB, they also became interested in ElasticSearch, Hadoop, CouchDB, Cassandra, and MySQL.

Although the original hacker groups that practiced such attacks in 2016-2017 stopped after only a few months, since the seizure of the database “hostage” brought them almost no money, experts for a long time discovered new participants in the attacks who also decided to try themselves in extortion.

The incident had already been successfully resolved, as NewsBlur employees were able to restore the database from a backup, which fortunately was at hand.

Let me also remind you that we wrote that Gootkit malware operators left unprotected database in open access.