Ransomware Targets Elasticsearch Databases

Roughly 450 Elasticsearch databases have been targeted with ransomware that replaces their indexes with a demand for $620 to return the stolen data. The threat actors demand that victims pay within seven days or the ransom is doubled. After two weeks, it seems that the data is destroyed and no recovery is available. This campaign is not the first of its kind, numerous examples are found in our white paper.  Attacks against unsecured or poorly secured databases have been a recurring problem for companies, users, and cybersecurity practitioners. Threat actors have employed a number of tactics to target and extort owners from reporting GDPR violations, data exposure, and ransomware. While the methods vary the causes are consistently human-related.  The leading causes of exposed databases are human error from misconfigurations and onerous workload, excess third-party privileges, open API abuse, and open-source software flaws. Combined, these factors provide an ongoing supply of databases that can be targeted. Statistics bear this out as open databases allowing unauthorized access are reportedly responsible for 86% of all publicly accessible sensitive records. The reality is that any company is likely to make mistakes and thus have exposed data. The solution is not another layer of security tools or settings but finding exposed data faster and more accurately than threat actors. CybelAngel uses comprehensive protocol scanning and Augmented Intelligence where machine-learning algorithms combine with human expertise to locate exposed data and eliminate all false positives. CybelAngel provides high-impact, actionable alerts, allowing threat teams to focus on what’s critical. This unique approach allows you to scale your security operations without having to hire additional security headcounts. If you are ready to get proactive about external digital request a demo here.