Don't Let Your Apps and Databases Become a Ransomware Targets: How to Protect Your Database

Databases are the lifeblood of almost every enterprise application.  Next-generation and distributed, non-relational databases and traditional relational databases in the cloud have quickly become the engine of next-generation applications. Organizations now use them to store sensitive data like user information, transaction records and voter records — making them a logical target for hackers. There have already been several reported data breaches and ransomware incidents affecting next-generation databases such as MongoDB. Companies need to develop bullet-proof data protection and recovery strategies for the next generation of enterprise applications and databases now, but one of the biggest gaps is backup and recovery for these platforms.

• Ransomware has increased over 1,000 percent in less than a year.
• New variants of ransomware are now aggressively targeting MongoDB. In fact, over 10,000 insecure MongoDB databases were compromised by ransomware in the past two weeks.
• Following security best practices for MongoDB can help, but you still need an effective backup and recovery strategy with point-in-time capability.
• Traditional backup tools don’t have the capabilities needed to protect distributed, non-relational databases and applications, such as MongoDB, Apache Cassandra, Apache Hadoop, and HBase

Ransomware has increased over 1,000 percent in less than a year according to security researchers, affecting at least one in five companies in 2016. Ransomware has targeted low-hanging fruit like desktops, laptops and file shares. IT security professionals have rightly focused efforts on endpoint protection, along with backup and recovery strategies for user files.

But new variants of ransomware are emerging daily that now target enterprise platforms and workloads. Databases in particular are a very attractive target for attackers since they often contain business-critical or confidential information. What’s more, databases power the enterprise applications that companies and government agencies rely on for customer interactions, daily operations and revenue. For a ransomware attacker, holding a database hostage can be potentially very lucrative.

Recent ransomware incidents have specifically targeted the open source MongoDB platform. According to a January 3rd report in CSO Online, a handful of attackers compromised over 10,000 MongoDB databases with ransomware. The databases were — like nearly 100,000 other MongoDB instances — publicly exposed on the internet and not secured properly.

In most cases, ports that are open by default leave the databases exposed to attack. Following security best practices can certainly help, but because ransomware can still find its way behind the firewall, it’s critical to have backups with point-in-time recovery for critical data and files. Gartner recommends doing exactly this for desktops, laptops and file shares that are particularly vulnerable to ransomware, but there’s no way to do this for modern applications and database. Distributed databases like MongoDB and Cassandra also replicate across nodes quickly, so if ransomware infects a single node, it will quickly bring the database to a halt — possibly shutting down customer-facing or other critical applications with it.

Groups involved in MongoDB hijacking attacks (SOURCE)