Ransom attack on Elasticsearch databases


Hundreds of misconfigured Elasticsearch databases were recently targeted by ransom attacks, according to security experts.

Secureworks cybersecurity researchers discovered 450 databases with their information deleted and a ransom message put in their place.

To recover the contents of the databases, the ransom note asks for $620 for each database, totaling $279,000. The attackers say that paying victims will receive a download link for their database, which will allow them to rapidly restore the data structure.

Regardless of whether the victims pay or not, BleepingComputer believes the victims will never see their data again. The attackers appear to be unable to store all of this data due to both practical and economic constraints. Most of the information was probably destroyed anyway, and they’re now just testing the victims to see who will pay up.

According to the researchers, the entire attack was automated. The attackers used an automated script to parse unsecured databases, erase the data, and add the ransom note.

The demand is to be paid in bitcoin, as is customary, and one payment has been made so far, according to the publication.

It is never a good idea to pay the ransom demand. There’s no certainty that the victims will get their data back, in part or in full. It also encourages the attackers to continue the effort. The victim could be targeted again, either by the same threat actor or by someone else entirely.

Instead, businesses should use ransomware protection services, install a firewall, educate their staff about the hazards of phishing, and ensure that all of their software and hardware is up to date. Last but not least, organizations should have a reliable backup solution that is updated regularly.
