Hundreds of misconfigured Elascticsearch databases were recently hit by ransom attacks, security experts have found.
Cybersecurity researchers from Secureworks have uncovered 450 databases whose contents have been wiped, and in their place, a ransom note left.
The ransom note demands $620 per database, to restore the contents, adding up to a total of $279,000. Paying victims will receive a download link for their database, which should help them restore the data structure quickly, the attackers claim.
The victims have a total of seven days to pay up, otherwise the ransom demand will double. If the victims fail to meet the extended deadline, they can expect never to see their data again.
Backing up
But BleepingComputer believes chances are - the victims will never see their data again, regardless of if they make the payment, or not. Apparently, it’s both practically and financially unfeasible for the attackers to keep all this data stored somewhere. Chances are, they probably deleted all of it anyway, and are now just trying the victims out to see who’ll pay up anyway.
The entire attack was fully automated, the researchers believe. Using an automated script, they parsed unprotected databases, wiped the data, and added the ransom note.
As usual, the demand is to be paid in bitcoin, and so far, one payment has been made, the publication confirmed.
Paying the ransom demand is never advised. There’s no guarantee the victims will get their data back, be it partially, or completely. It also motivates the attackers to keep the campaign going. The victim could be struck again, either by the same threat actor or by an entirely different one.
Instead, businesses are advised to protect their endpoints with ransomware protection services, set up a firewall, educate their employees on the dangers of phishing, and make sure they keep all of their software and hardware up-to-date. Last, but definitely not least, businesses should ensure a strong, and regularly updated, backup solution.
Via: BleepingComputer
