Elasticsearch databases are being hit hard by ransom attacks

security
(Image credit: Shutterstock / binarydesign)

Hundreds of misconfigured Elascticsearch databases were recently hit by ransom attacks, security experts have found. 

Cybersecurity researchers from Secureworks have uncovered 450 databases whose contents have been wiped, and in their place, a ransom note left.

The ransom note demands $620 per database, to restore the contents, adding up to a total of $279,000. Paying victims will receive a download link for their database, which should help them restore the data structure quickly, the attackers claim.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

The victims have a total of seven days to pay up, otherwise the ransom demand will double. If the victims fail to meet the extended deadline, they can expect never to see their data again.

Backing up

But BleepingComputer believes chances are - the victims will never see their data again, regardless of if they make the payment, or not. Apparently, it’s both practically and financially unfeasible for the attackers to keep all this data stored somewhere. Chances are, they probably deleted all of it anyway, and are now just trying the victims out to see who’ll pay up anyway.

The entire attack was fully automated, the researchers believe. Using an automated script, they parsed unprotected databases, wiped the data, and added the ransom note. 

As usual, the demand is to be paid in bitcoin, and so far, one payment has been made, the publication confirmed. 

Paying the ransom demand is never advised. There’s no guarantee the victims will get their data back, be it partially, or completely. It also motivates the attackers to keep the campaign going. The victim could be struck again, either by the same threat actor or by an entirely different one.

Instead, businesses are advised to protect their endpoints with ransomware protection services, set up a firewall, educate their employees on the dangers of phishing, and make sure they keep all of their software and hardware up-to-date. Last, but definitely not least, businesses should ensure a strong, and regularly updated, backup solution.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
AWS S3 feature abused by ransomware hackers to encrypt storage buckets
Ransomware
Ransomware defenses are being weakened by outdated backup technology, limited backup data encryption, and failed data backups
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
Bad news - businesses who pay ransomware attackers aren’t very likely to get their data back
Data leak
Popular online bill paying site leaks data of thousands of users
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
Less than half of ransomware incidents end in payment - but you should still be on your guard
Ransomware attack on a computer
Ransomware attacks surged in 2024 as hackers looked to strike faster than ever
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Image showing detail of the Leica D-Lux 8
Still can't get a Fujifilm X100VI? This premium Leica compact costs less, and it's in stock