May 27, 2019   SOURCE: PR NewsWire

Future Hosting Warns Server Hosting Clients of Risks to MongoDB Ransomware

SOUTHFIELD, Mich., May 27, 2019 /PRNewswire-PRWeb/ -- Future Hosting, a managed server hosting provider, is warning users of the MongoDB database to verify that their data is both protected by password authentication and cannot be accessed from the open internet. The warning is in response to an automated ransomware campaign that deleted data from thousands of insecure MongoDB databases over the last month by exploiting improper security configurations.

Data stored in 12,000 MongoDB databases was deleted and replaced with a message instructing the owner to contact the attacker for payment details. Unlike traditional ransomware attacks, the data is not encrypted, but copied to the attacker's servers and then deleted. More than 275 million people were affected by the breach.

Attacks against insecure MongoDB databases are common, but the scale of recent attacks is much larger than data leaks and ransomware attacks in past years.

Future Hosting urges server hosting clients who use MongoDB to familiarize themselves with MongoDB's documentation, particularly the Security Checklist, which explains how to enable access controls and enforce authentication.

MongoDB is an easy-to-use document-oriented database widely used in the web development and JavaScript communities.

"As a managed hosting provider, we host thousands of MongoDB databases on our servers," said Maulesh Patel, VP of Operations of Future Hosting, "Most are secure, but we're concerned that many MongoDB users don't understand the risk of storing sensitive data in a database that can be accessed by anyone."

MongoDB is not inherently insecure; the attackers are not exploiting a software vulnerability. However, inexperienced users often fail to configure the database correctly, allowing it to respond to requests from arbitrary IP addresses without authentication.

Victims of the attack may be unaware that MongoDB requires configuration to protect data from external access. They may also falsely believe that it is difficult to discover insecure databases. But tools such as the Shodan search engine and BinaryEdge make it easy to find insecure devices and services on the internet.

About Future Hosting, LLC

Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan. For more information, visit http://www.futurehosting.com

SOURCE Future Hosting