According to Secureworks, hackers are attacking poorly protected Elasticsearch databases and have already replaced at least 450 indexes with ransom notes.
Let me remind you that we also recently wrote that experts found more than 3.6 million unprotected MySQL servers.
The attackers demand $620 from each victim for data recovery; across all affected indexes, the group is asking for $279,000 in total.
The researchers write that the hackers set a seven-day deadline for paying the ransom and then threaten to double the amount. If the victim still does not pay, the data will supposedly be lost forever. Those who pay are promised a link to download a dump of their database, which supposedly will let them quickly restore the data structure and return everything to its original form.
Apparently, to compromise their targets, the attackers use an automated script that analyses unprotected databases, erases information, and adds a ransom note to the server. Researchers believe that nothing is done manually in this campaign.
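The wipe-and-replace pattern described above is easy to spot from a defender's side by diffing a saved listing of a cluster's indexes against a fresh one. The following is an added example, not code from the article or from Secureworks; the index names, document counts and thresholds are constructed sample values, and the input shape is that of `GET /_cat/indices?format=json`.

```python
"""Flag the 'data gone, tiny new index appeared' shape of an Elasticsearch
wipe by comparing a baseline _cat/indices listing with a current one."""
import json
from dataclasses import dataclass

# Constructed samples of `GET /_cat/indices?format=json` output: a baseline
# taken before the incident and a listing taken afterwards. Index names and
# counts are hypothetical, not taken from the article.
BASELINE_JSON = '''[
 {"index": "orders-2022.05", "docs.count": "184213", "store.size": "1.2gb"},
 {"index": "customers", "docs.count": "50211", "store.size": "220mb"},
 {"index": ".kibana_1", "docs.count": "42", "store.size": "1.1mb"}
]'''
CURRENT_JSON = '''[
 {"index": "read_me_to_recover", "docs.count": "1", "store.size": "4.7kb"},
 {"index": ".kibana_1", "docs.count": "42", "store.size": "1.1mb"}
]'''


@dataclass
class Finding:
    index: str
    reason: str


def parse_cat_indices(raw: str) -> dict[str, int]:
    """Map index name -> document count (docs.count is a string in the API)."""
    return {row["index"]: int(row.get("docs.count") or 0) for row in json.loads(raw)}


def detect_wipe(baseline: dict[str, int], current: dict[str, int],
                min_docs: int = 1000, note_max_docs: int = 3) -> list[Finding]:
    """Return one Finding per suspicious change between the two listings."""
    findings: list[Finding] = []
    # 1. Indexes that held real data before but are now missing or empty.
    for name, docs in baseline.items():
        if docs >= min_docs and current.get(name, 0) == 0:
            findings.append(Finding(name, f"{docs} docs in baseline, now missing or empty"))
    # 2. New, near-empty indexes are the typical shape of a dropped-in note.
    for name, docs in current.items():
        if name not in baseline and docs <= note_max_docs:
            findings.append(Finding(name, f"new index with only {docs} doc(s)"))
    return findings


def scan(baseline_raw: str = BASELINE_JSON, current_raw: str = CURRENT_JSON) -> list[Finding]:
    return detect_wipe(parse_cat_indices(baseline_raw), parse_cat_indices(current_raw))


if __name__ == "__main__":
    for f in scan():
        print(f"ALERT {f.index}: {f.reason}")
```

On a real cluster, feed the two JSON strings from a periodically saved `curl -s 'http://localhost:9200/_cat/indices?format=json'` and alert on any non-empty result; tune `min_docs` to ignore small scratch indexes.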
Experts point out that paying the extortionists is not a good idea, not least because the practical and financial burden of storing such a large number of databases makes it almost impossible for the attackers to actually keep the data. More often, attackers simply delete the contents of an unprotected database, leave a ransom note, and hope that the victim believes the threat.
The hackers behind the campaign have reportedly received only one payment to one of their bitcoin wallets so far.