[Important Security Warning] Data Ransom Attacks Against MongoDB and Other Services
Posted Date 09/05/2017
According to Alibaba Cloud threat intelligence, on September 2, 2017, foreign security researchers found that multiple hacker organizations hijacked tens of thousands of MongoDB servers around the world, creating a high security risk.
Affected Services:
User-built data stores such as MySQL, Redis, MongoDB, ElasticSearch, Hadoop, CouchDB and other data related services are potentially impacted.
Note: Alibaba Cloud RDS service is not affected.
Security Solution:
Alibaba Cloud recommends you check your services for vulnerabilities as soon as possible:
1) Use the ECS snapshot function or manually back up your data as soon as possible. We recommend using both local and off-site backup methods.
2) Configure the security group policy to prohibit MySQL, Redis, MongoDB, ElasticSearch, Hadoop, CouchDB and other service from accepting external requests, or limit access to whitelisted IP addresses.
3) Log on to the Alibaba Cloud security console and enable either the free or paid Server Guard service, depending on your needs. View the “baseline check” results in Server Guard, and manually verify and repair any vulnerabilities which are found.
4) You can also refer to the Chinese version of the security manual on the Alibaba Cloud official website to repair vulnerabilities manually.
Click this link for a detailed ransom attack protection solution (in Chinese).
If you have any questions, please feel free to contact us by submitting a ticket.
Affected Services:
User-built data stores such as MySQL, Redis, MongoDB, ElasticSearch, Hadoop, CouchDB and other data related services are potentially impacted.
Note: Alibaba Cloud RDS service is not affected.
Security Solution:
Alibaba Cloud recommends you check your services for vulnerabilities as soon as possible:
1) Use the ECS snapshot function or manually back up your data as soon as possible. We recommend using both local and off-site backup methods.
2) Configure the security group policy to prohibit MySQL, Redis, MongoDB, ElasticSearch, Hadoop, CouchDB and other service from accepting external requests, or limit access to whitelisted IP addresses.
3) Log on to the Alibaba Cloud security console and enable either the free or paid Server Guard service, depending on your needs. View the “baseline check” results in Server Guard, and manually verify and repair any vulnerabilities which are found.
4) You can also refer to the Chinese version of the security manual on the Alibaba Cloud official website to repair vulnerabilities manually.
Click this link for a detailed ransom attack protection solution (in Chinese).
If you have any questions, please feel free to contact us by submitting a ticket.