January 13, 2017, updated 25 Jan 2017 3:19pm

MongoDB hackers target ElasticSearch in new wave of ransomware attacks

Cyber crooks have turned their attention to ElasticSearch, highlighting a growing trend of hackers choosing extortion over Dark Web trading.

By Ellie Burns

The hackers behind recent attacks on MongoDB have now turned their attention to ElasticSearch, with the cyber crooks demanding similar ransoms for compromised servers.

The recent attacks against MongoDB wreaked havoc on a reported half of internet-facing MongoDB databases. Hackers looked for MongoDB installations on the internet and targeted those without a set administrator password. The hackers then took control of these unsecured accounts, deleted data and demanded a ransom for its return.

Now the same hackers are using the same tricks to ransom ElasticSearch users, taking over servers that are available over the internet and protected only by weak passwords. Niall Merrigan, a security researcher who tracked the MongoDB attacks, has already reported that over 600 hosts have been hit in the extortion cyber attacks.

According to reports, a cyber gang going under the name P1l4tos is behind the attacks on both MongoDB and the Java-based search engine ElasticSearch.

At the core of these attacks is administrative access, a basic security no-no which has been met with criticism from security experts.

“There is no reason why a company with even a basic data security strategy should allow an administrator to access, much less delete all information from a database without some level of oversight or workflow controls,” said Terry Ray at Imperva.

“Since cloud-based NoSQL systems are relatively new, the experience of data scientists on these systems varies greatly. And, like almost all database systems, security configuration is not a priority.”


The attacks on MongoDB and ElasticSearch also highlight the growing trend of hackers choosing extortion over dark web trades.

Image: a copy of an ElasticSearch ransom note.

“I also find it interesting that the criminals here have decided that there is more money to be made by extortion than through the sale of the data on the dark web. But then again, even if a company pays the ransom, there is no guarantee that the hackers won’t also try to monetize the data,” said Mr Ray.
