-1


Please help me: how can I recover my database?

"WARNING" : "YOUR DBS ARE ENCRYPTED. SEND 0.5 BTC (BITCOIN) ~= 550USD, TO THIS BTC ADDRESS: 15b7bS8tUg8NpzX2FRJQskEFjWRDg9gy6f AND CONTACT THIS EMAIL: 0wn3d@protonmail.com WITH THE IP OF YOUR LOCKED SERVER TO RECOVER YOUR DBS!"

Please help me asap.

I also found this on the internet: secure-mongodb-database

  • Do you have any recent backups? I don't know what you want from posting this question, a recovery procedure, or what? There isn't an actual question. Do you have authentication checks on Mongo? – hd. Jan 05 '17 at 08:50
  • @hd. Yes, I want to know how to recover the data and how to make the database more secure – Manjeet Thakur Jan 05 '17 at 08:51
  • 1
    Then please modify your question to say you want that. As to recovering data, if you've done a `mongodump`, you can use `mongorestore`. If you have no backups, then you're out of luck as it seems the hacker drops all the databases and replaces their own called "WARNING_ALERT" – hd. Jan 05 '17 at 08:52
  • Are you asking how to get your data back? That's the point of ransomware. Or are you asking how to configure your database more securely, to ensure this doesn't happen a second time? Because that seems rather broad. – AviD Jan 05 '17 at 08:58
  • @AviD Yes, I want to make sure that this will not happen in the future, and also any way to recover my old database. I have never used mongodump. Please suggest the best way to do it. Thank you – Manjeet Thakur Jan 05 '17 at 09:03

1 Answer

0

Firstly, you need to update all the software on the server and lock it down. Change all passwords that might give access to the system and to the database.

Next you need to adjust your firewall(s) to block access to MongoDB except where required. For example, if you are using MongoDB to run a web app, it is possible you only need access from localhost.

There are plenty of blog posts on how to configure a (presumably Linux) server securely.

For MongoDB, you simply need to make sure nobody can access it - add a user id/password to it, but don't forget to adjust any applications that connect to it. It is best, though, if you can simply restrict access to specific hosts. Also make sure you are dumping the database regularly AND copying that to a multi-versioned backup.

After all that is done, you will need to restore your database from a backup.

Julian Knight
  • 3
    I'd just assume the server is now hostile, scrub/destroy it, and relaunch a new EC2 instance. Changing passwords, updating software and "locking it down" won't help if the attacker has rooted/backdoored the server, and they most probably have. – hd. Jan 05 '17 at 09:14
  • That might not be so easy depending on what is on the instance and how it is configured. Even if the OP can do this, he will still need to follow the same advice for locking down. – Julian Knight Jan 05 '17 at 09:17
  • 1
    @hd. Most likely not rooted/backdoored but just a really bad MongoDB setup. Many MongoDBs that are listening on the internet are targeted these days -> https://twitter.com/0xdude/status/813865069218037760 – architekt Jan 05 '17 at 10:51
  • @MartinFischer, agreed. Also, I can't imagine why you'd want to let MongoDB listen over the internet; that would seem to be asking for trouble, the same as with any of the newer "databases". Even something like Oracle or MS SQL would be risky. If you need remote access, either put in a web front-end or a VPN (even if only port forwarding over SSH). – Julian Knight Jan 05 '17 at 17:03
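The answer above (restrict who can reach mongod, turn on authentication, dump regularly to a versioned backup, restore from it) and the `mongodump`/`mongorestore` point raised in the question's comments, worked through as one shell script. This is an added example, not code from the question, the answer, or MongoDB's own tooling: `yaml_value`, `audit_mongod_conf`, `prune_dumps`, `backup_now`, the `MONGO_URI` variable and the two sample `mongod.conf` files are this example's own constructions; the `net.bindIp`, `net.bindIpAll` and `security.authorization` keys and the `--uri`, `--gzip`, `--out` and `--drop` flags are MongoDB's.

```shell
#!/usr/bin/env bash
# Added example, not from the original question or answer.
# 1. audit_mongod_conf: flag a mongod.conf that listens on every interface or
#    runs without authorization (the two settings the answer tells the OP to fix).
# 2. backup_now / prune_dumps: dated, gzipped mongodump copies with rotation,
#    plus the matching mongorestore command.
set -u

# yaml_value FILE KEY: print the value of the first "KEY: value" line at any
# indentation, skipping comments and surrounding quotes. mongod.conf keeps
# bindIp as one comma-separated string, so a flat key lookup is enough here.
yaml_value() {
    awk -v key="$2" -v sq="'" '
        /^[[:space:]]*#/ { next }
        {
            line = $0
            sub(/[[:space:]]#.*$/, "", line)        # drop a trailing comment
            if (match(line, "^[[:space:]]*" key "[[:space:]]*:")) {
                val = substr(line, RLENGTH + 1)
                gsub(/[[:space:]"]/, "", val)
                gsub(sq, "", val)
                print val
                exit
            }
        }' "$1"
}

# audit_mongod_conf FILE: one finding per line on stdout; returns 1 if any.
audit_mongod_conf() {
    local conf="$1" bind bindall auth rc=0
    bind=$(yaml_value "$conf" bindIp)
    bindall=$(yaml_value "$conf" bindIpAll)
    auth=$(yaml_value "$conf" authorization)

    if [ "$bindall" = "true" ]; then
        echo "net.bindIpAll: true -> mongod accepts connections on every interface"
        rc=1
    elif [ -z "$bind" ]; then
        echo "net.bindIp unset -> releases before 3.6 defaulted to all interfaces; set it explicitly"
        rc=1
    else
        case ",$bind," in
            *,0.0.0.0,*|*,::,*)
                echo "net.bindIp=$bind -> listens on all interfaces; use 127.0.0.1 or the app host's address"
                rc=1 ;;
        esac
    fi
    if [ "$auth" != "enabled" ]; then
        echo "security.authorization=${auth:-unset} -> any client that can reach the port can drop every database"
        rc=1
    fi
    return "$rc"
}

# prune_dumps DIR KEEP: remove all but the KEEP newest dump-* directories and
# print how many remain. Names embed a UTC timestamp, so lexical = chronological.
prune_dumps() {
    local dir="$1" keep="$2" old n=0
    ls -1d "$dir"/dump-* 2>/dev/null | sort -r | tail -n +"$((keep + 1))" |
        while IFS= read -r old; do rm -rf -- "$old"; done
    for old in "$dir"/dump-*; do
        if [ -d "$old" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# backup_now DEST [KEEP]: gzipped dump of every database into DEST/dump-<utc>,
# then rotate. MONGO_URI carries the backup user's credentials (created after
# authorization was enabled) so they never appear in the process list.
backup_now() {
    local dest="$1" keep="${2:-14}" stamp
    stamp=$(date -u +%Y%m%d-%H%M%S)
    mkdir -p "$dest"
    mongodump --uri "${MONGO_URI:?e.g. mongodb://backup:PASS@127.0.0.1:27017/?authSource=admin}" \
        --gzip --out "$dest/dump-$stamp" || return 1
    prune_dumps "$dest" "$keep" >/dev/null
    # A dump left on the compromised server is not a backup: copy "$dest" to
    # another host or bucket. Restore with:
    #   mongorestore --uri "$MONGO_URI" --gzip --drop "$dest/dump-$stamp"
}

# Demo: the weak configuration next to the hardened one (constructed samples).
workdir=$(mktemp -d)
cat > "$workdir/weak.conf" <<'EOF'
# constructed sample: an exposed instance with no security section
net:
  port: 27017
  bindIp: 0.0.0.0
EOF
cat > "$workdir/hardened.conf" <<'EOF'
# constructed sample: what the answer asks for
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
EOF
for f in weak hardened; do
    if audit_mongod_conf "$workdir/$f.conf"; then
        echo "$f.conf: OK"
    else
        echo "$f.conf: fix before this mongod is reachable by anything else"
    fi
done
```

Before switching `authorization` to `enabled`, create the administrative and backup users from a localhost session of the mongo shell (`use admin`, then `db.createUser(...)`); MongoDB's localhost exception allows that first user to be created while no users exist yet, and from then on every client, the web app included, must present credentials. Run `backup_now` from cron with `MONGO_URI` set in the environment, and sync the dump directory to another host so a repeat of the drop-and-ransom described in the comments leaves something to `mongorestore` from.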