
 2 years ago
source link: https://www.theinsaneapp.com/2022/06/hundreds-of-elasticsearch-databases-targeted-in-ransom-attacks.html

Hackers Targeted 1200 Elasticsearch Databases And Demanded $620 For Each Database

Hundreds of Elasticsearch databases targeted in ransom attacks

Hackers have been targeting poorly secured Elasticsearch databases, wiping their indexes and replacing them with a ransom note that demands $620 to restore the contents. Across the ransom notes observed so far, the total demanded comes to roughly $279,000.

The threat actors set a seven-day payment deadline and threaten to raise the price if it passes. If a week goes by without payment, they claim the victim will lose the indexes.

Victims who pay are promised a download containing their database, supposedly so they can restore its original structure quickly.

The campaign was discovered by threat analysts from Secureworks, who found more than 450 distinct requests for ransom.

According to Secureworks, the attackers use an automated script to find unprotected databases, wipe their contents, and drop the ransom note, so there is no manual involvement in the attack.


Ransom note dropped on wiped databases (Credits: Secureworks)

Campaign Outcomes:

This is not a new type of attack; similar opportunistic campaigns have been seen before, against other database products as well.

Recovering the data by paying is not a realistic option: the practical and financial cost of an attacker actually storing the contents of this many databases is prohibitive.

Instead, the attackers simply wipe the unprotected database and leave the ransom note, hoping the victim will believe their claims. One of the Bitcoin wallet addresses listed in the ransom note for payment is shown below.


One of the Bitcoin addresses used in the campaign (Blockchain.com)

But for organizations that do not keep regular backups, losing everything to a wipe can cause significant financial damage.

Some of these databases back live online services, and the resulting business disruption can cost far more than the small sum the scammers demand.

Businesses should also not dismiss the possibility that the attackers steal the data and monetize it in a variety of ways.

Elasticsearch security:

Unfortunately, as long as databases are left exposed on the public internet without effective safeguards, these attacks will continue.

A report from Group-IB found more than 100,000 Elasticsearch instances exposed online in 2021, roughly 30% of the 308,000 exposed database instances it counted that year.


Total number of exposed databases detected from the start of 2021 (Group-IB)

The same study found that database administrators take around 170 days on average to notice the mistake, leaving attackers ample time to strike.

Secureworks advises that databases should not be exposed to the public unless their purpose requires it. If remote access is needed, administrators should restrict it to authorized users only and enable multi-factor authentication for them.

Businesses that outsource these services to cloud providers should confirm that the provider's security policies meet their requirements and that all data is protected.
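The two settings that put an Elasticsearch node in the wiped population are a bind address reachable from outside and authentication switched off. The script below is an added example, not code from Secureworks, Elastic or the article: it parses an elasticsearch.yml, flags a public `network.host` combined with `xpack.security.enabled: false`, and shows a weak configuration next to a hardened one. Both configs, the cluster name and the 10.0.5.12 address are constructed for illustration; the setting names are real Elasticsearch settings.

```python
"""Audit elasticsearch.yml for the exposure that makes a node an easy ransom-wipe
target: listening on a public interface with authentication off.
Added example; the two configurations below are constructed, not real deployments."""
import ipaddress
import sys

# Constructed weak config. network.host 0.0.0.0 binds every interface; with
# security off, anyone who can reach port 9200 can list, read and delete indexes.
WEAK_CONFIG = """\
cluster.name: prod-logs
node.name: es-1
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
xpack.security.enabled: false
"""

# Constructed hardened config: bind to an internal address, require
# authentication, and encrypt the HTTP API so credentials are not sent in clear.
HARDENED_CONFIG = """\
cluster.name: prod-logs
node.name: es-1
network.host: 10.0.5.12
http.port: 9200
discovery.type: single-node
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
"""


def parse_flat_yaml(text):
    """elasticsearch.yml is normally a flat 'dotted.key: value' file, so a
    line-based parser is enough here; comments and blank lines are skipped.
    Nested YAML blocks would need a real YAML parser."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip('"').strip("'")
    return settings


def is_public_bind(host):
    """True if a single network.host value exposes the node beyond loopback and
    private ranges. Handles the Elasticsearch special values _local_, _site_ and
    _global_; interface names and hostnames cannot be resolved offline, so they
    are flagged for manual review (returned as public)."""
    if host in ("_local_", "localhost", "::1"):
        return False
    if host == "_site_":
        return False
    if host in ("_global_", "0.0.0.0", "::"):
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not (addr.is_loopback or addr.is_private or addr.is_link_local)


def audit(config_text):
    """Return a list of (severity, message) findings for one elasticsearch.yml."""
    s = parse_flat_yaml(config_text)
    findings = []

    host = s.get("network.host", "_local_")  # unset means loopback only
    public = any(is_public_bind(h.strip()) for h in host.strip("[]").split(","))
    if public:
        findings.append(("HIGH", f"network.host={host}: HTTP API bound beyond loopback/private ranges"))

    sec = s.get("xpack.security.enabled")
    if sec is None:
        # The default differs by version (enabled in 8.x, off on 7.x basic licence), so verify.
        findings.append(("MEDIUM", "xpack.security.enabled not set: confirm authentication is on for this version"))
    elif sec.lower() != "true":
        findings.append(("HIGH", "xpack.security.enabled=false: no authentication on the HTTP API"))
    elif s.get("xpack.security.http.ssl.enabled", "false").lower() != "true":
        findings.append(("MEDIUM", "security on but HTTPS off: credentials cross the wire in clear text"))

    if public and sec is not None and sec.lower() != "true":
        findings.append(("CRITICAL", "reachable from outside and unauthenticated: the profile of the wiped databases"))
    return findings


if __name__ == "__main__":
    # Audit files given on the command line, or the two constructed configs.
    targets = {p: open(p).read() for p in sys.argv[1:]} or {
        "weak (constructed)": WEAK_CONFIG, "hardened (constructed)": HARDENED_CONFIG}
    for name, text in targets.items():
        print(f"== {name}")
        for sev, msg in audit(text) or [("OK", "no findings")]:
            print(f"  [{sev}] {msg}")
```

Run it with `python audit_es.py /etc/elasticsearch/elasticsearch.yml` on each node. The bind check is deliberately conservative: a hostname or `_eth0_`-style interface name cannot be classified offline, so it is reported for review rather than silently passed.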
