2017-02-10

As if it wasn’t already bad enough, the ransomware attacks on MongoDB users continue to spread and have now targeted exposed Elasticsearch clusters. Like MongoDB, Elasticsearch is one of the most popular containerized applications and is widely used in datacenters all over the world.

In these Elasticsearch ransomware attacks, the attackers wipe out user data and leave a single index with a ransom message like,

“SEND 0.2 BTC TO THIS WALLET: 1DAsGY4Kt1a4LCTPMH5vm5PqX32eZmot4r IF YOU WANT RECOVER YOUR DATABASE! SEND TO THIS EMAIL YOUR SERVER IP AFTER SENDING THE BITCOINS.”

It is also reported that it is unclear whether victims actually get their data back after paying the ransom.

The attacks are actually very simple, but it turns out that the results are surprisingly effective. To date, more than 9750 servers have been damaged and more than 450 TB of data has been deleted. Some estimates put the number of internet-accessible Elasticsearch deployments at around 68,000.
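As an added illustration (not code from the original post or from NeuVector), here is a small defender-side check that runs over a constructed `_cat/indices` listing and sampled documents and flags the wipe-and-ransom pattern described above: the data indices are gone and a lone index holds a note demanding BTC. The index name and the healthy-cluster data are constructed; the note text is the one quoted above.

```python
"""Flag the Elasticsearch wipe-and-ransom pattern in offline sample data."""
import json
import re

# Constructed sample of GET /_cat/indices?format=json on a hit cluster
# (the index name is illustrative, not a real indicator of compromise).
SAMPLE_INDICES = json.dumps([
    {"index": "please_read", "docs.count": "1", "store.size": "4kb"},
])
# Constructed sample of the single document left in that index; the
# message is the ransom note quoted in the post.
SAMPLE_DOCS = {
    "please_read": [
        {"message": "SEND 0.2 BTC TO THIS WALLET: 1DAsGY4Kt1a4LCTPMH5vm5PqX32eZmot4r "
                    "IF YOU WANT RECOVER YOUR DATABASE! SEND TO THIS EMAIL YOUR "
                    "SERVER IP AFTER SENDING THE BITCOINS."}
    ]
}

# Ransom-note markers taken from the quoted note, plus a loose Bitcoin
# address shape (base58 alphabet, 26-35 chars, leading 1 or 3).
RANSOM_WORDS = re.compile(r"\b(BTC|BITCOINS?|RANSOM|RECOVER YOUR DATABASE)\b", re.I)
BTC_ADDRESS = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")


def find_ransom_indicators(indices_json, docs_by_index):
    """Return a list of (index, reason) findings for the wipe-and-ransom pattern."""
    indices = json.loads(indices_json)
    findings = []
    for idx in indices:
        name = idx["index"]
        for doc in docs_by_index.get(name, []):
            text = " ".join(str(v) for v in doc.values())
            if RANSOM_WORDS.search(text) and BTC_ADDRESS.search(text):
                findings.append((name, "ransom note with BTC address"))
                break
    # A cluster reduced to one near-empty index is itself worth an alert.
    if len(indices) == 1 and int(indices[0]["docs.count"]) <= 1:
        findings.append((indices[0]["index"], "only one near-empty index left"))
    return findings


def is_compromised(indices_json, docs_by_index):
    """True when any indicator of the ransom pattern is present."""
    return bool(find_ransom_indicators(indices_json, docs_by_index))


if __name__ == "__main__":
    for index, reason in find_ransom_indicators(SAMPLE_INDICES, SAMPLE_DOCS):
        print(f"{index}: {reason}")
```

In a real deployment the listing and documents would come from the cluster's REST API on a scheduled basis, and a hit should page the on-call rather than just print.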

So why is this happening, and what lessons have we learned?

via NeuVector.