Question
My MongoDB has been extorted by a kraken ransomware virus
Hello,
Yesterday my database (MongoDB) had been deleted with a message:
{
“_id” : ObjectId(“5871ed160c474c47dc9f3e80”),
“Info” : “Your DB is Backed up at our servers, to restore send 0.1 BTC to the Bitcoin Address then send an email with your server ip”,
“Bitcoin Address” : “1J5ADzFv1gx3fsUPUY1AWktuJ6DF9P6hiF”,
“Email” : “kraken0@india.com”
}
And this morning, my restored database has been deleted one again. What can I do now? Please give some advice for this case.
Thanks!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×
How are they able to access mongo if I have my server setup using ssh keys? This post says that it is a virus. How did this virus get installed on my server and how do I remove it?
I have a firewall and it is active: