As ransomware attacks soared last year, opinions divided on whether victims should pay the ransom to recover their encrypted data. A year ago, it looked like there was a good chance that paying meant getting the data back, but that seems to be no longer the case.
As the attacks against MongoDB installations around the world continue, with the latest number of compromised databases ranging between 29,000 to more than 32,000 depending on whom you ask, virtually none of the victims who have paid the ransom have gotten their data back.
In fact, many ransom payments are going to criminals who didn’t compromise the database in the first place. One attacker steals the data, wipes the database, and leaves behind the ransom note. Another attacker comes along and overwrites the ransom note with their own, and other attackers keep piggybacking on top of each other. At this point, there’s no reason to pay because victims don’t know who actually has their database.
To read this article in full or to leave a comment, please click here