This ransomware steals your data and threatens to report you for a GDPR violation

Cybercriminals are once again targeting unsecured MongoDB databases, but this time they are threatening to report the owners of those databases for GDPR violations if their ransom demands are not met.

As reported by ZDNet, the hacker behind this new campaign has uploaded ransom notes on 22,900 MongoDB databases that were left exposed online without a password. They are using an automated script to scan for misconfigured MongoDB databases, wiping them and then demanding that a ransom of 0.015 bitcoin or around $140 be paid.

The campaign was first discovered by security researcher Victor Gevers at the Dutch Institute for Vulnerability Disclosure back in April.

After leaving the ransom note, the attacker gives victims two days to pay before they contact a victim's local GDPR enforcement authority to report the data leak they caused in the first place.

GDPR violations

Once the attacker gains access to a victim's MongoDB server, they wipe the databases it contains and create a new database called “READ_ME_TO_RECOVER_YOUR_DATA”.

Inside the new database is a collection named “README” containing a ransom note, which explains that the victim's data has been “backed up” and that they must pay $140 to recover it. The note reads:

“After 48 hours expiration we will leaked and exposed all your data. In case of refusal to pay, we will contact the General Data Protection Regulation, GDPR and notify them that you store user data in an open form and is not safe. Under the rules of the law, you face a heavy fine or arrest and your base dump will be dropped from our server!”

Based on his preliminary analysis, Gevers believes that the data was not actually backed up before the database was wiped.

While cybercriminals have targeted unsecured database servers in the past, this is the first time that they've used the threat of a GDPR violation against their victims to ensure that their ransom is paid.
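For administrators checking their own servers, the indicators described above (the “READ_ME_TO_RECOVER_YOUR_DATA” database, its “README” collection, and a server reachable without a password) can be tested together. The following is an added example, not code from the article or from the researchers it cites; the function name, finding labels and sample documents are assumptions made for illustration.

```javascript
// Added example: triage one MongoDB instance for the indicators in this article.
const MARKER_DB = "READ_ME_TO_RECOVER_YOUR_DATA"; // database name from the article
const MARKER_COLLECTION = "README";               // collection name from the article
const SYSTEM_DBS = new Set(["admin", "config", "local"]);
const LOOPBACK = new Set(["127.0.0.1", "localhost", "::1"]);

// listDatabases / cmdLineOpts: documents returned by the listDatabases and
// getCmdLineOpts admin commands. collectionsByDb: { dbName: [collection names] }.
function triageInstance(listDatabases, collectionsByDb, cmdLineOpts) {
  const findings = [];
  const names = (listDatabases.databases || []).map((d) => d.name);

  // Indicator: the ransom-note database (matched case-insensitively by choice).
  const marker = names.find((n) => n.toUpperCase() === MARKER_DB);
  if (marker) {
    const cols = (collectionsByDb || {})[marker] || [];
    const hasNote = cols.some((c) => c.toUpperCase() === MARKER_COLLECTION);
    findings.push(hasNote ? "ransom-note-db-with-readme" : "ransom-note-db");
    // Indicator: only system databases remain beside the note, consistent with a wipe.
    const userDbs = names.filter((n) => n !== marker && !SYSTEM_DBS.has(n));
    if (userDbs.length === 0) findings.push("user-databases-missing");
  }

  // Exposure: access control off. A keyFile also turns authorization on.
  const parsed = (cmdLineOpts && cmdLineOpts.parsed) || {};
  const sec = parsed.security || {};
  if (sec.authorization !== "enabled" && !sec.keyFile) {
    findings.push("authorization-disabled");
  }

  // Exposure: listening beyond loopback. Assumes MongoDB 3.6+, where an
  // absent bindIp means localhost only.
  const net = parsed.net || {};
  const binds = String(net.bindIp || "127.0.0.1").split(",").map((s) => s.trim());
  if (net.bindIpAll === true || binds.some((ip) => !LOOPBACK.has(ip))) {
    findings.push("listening-on-non-loopback");
  }
  return findings;
}

// Constructed sample input, not captured from a real host.
const sampleDbs = { databases: [{ name: "admin" }, { name: "local" }, { name: MARKER_DB }], ok: 1 };
const sampleCols = { [MARKER_DB]: ["README"] };
const sampleOpts = { parsed: { net: { bindIp: "0.0.0.0", port: 27017 } }, ok: 1 };
console.log(triageInstance(sampleDbs, sampleCols, sampleOpts));
```

In mongosh, the inputs come from `db.adminCommand({ listDatabases: 1 })`, `db.adminCommand({ getCmdLineOpts: 1 })` and `db.getSiblingDB(name).getCollectionNames()`.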

Via BleepingComputer

Anthony Spadafora
