
Elasticsearch Servers Being Wiped out in MongoDB Style Ransom Attacks


Just as victims are coming to terms with their MongoDB databases being hit by mass ransom attacks, Elasticsearch servers have fallen victim to mass attacks inspired by the MongoDB campaign.

Elasticsearch is a Java-based search engine popularly used in the enterprise space for information cataloging and data analysis.

The Attacks Against Elasticsearch Servers

Within three days, close to three thousand insecure servers had been wiped out after hackers took over the systems. With more than 34,000 unsecured servers still open to the Internet, this is proving to be another gold mine for ransom-demanding hackers and coordinated hoaxes.


According to a tweet by John Matherly, founder of Shodan, the world’s first search engine for Internet-connected devices, the majority of the close to 35,000 exposed Elasticsearch servers are hosted on Amazon Web Services infrastructure.

The hackers are taking over these servers by using tools and online services to detect open servers with no authentication at all. This is possible because, like MongoDB databases, Elasticsearch servers allow configurations without authentication.


The going rate for the ransoms is 0.2 Bitcoins (BTC), but all bets are off on whether this figure will rise. There is also no guarantee that paying the ransom will get your data restored. In short, attackers are taking advantage of the situation to play hoaxes on the victims.

System admins and DevOps teams need, more than ever, to be proactive in securing their Internet-facing services. One can always use services like Shodan to scan one's own public IP addresses and see what attackers could potentially have access to.
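The check can also start from the server's own configuration. The following is an added example, not part of the original article: a small audit of `elasticsearch.yml` that flags a REST API bound beyond loopback with no authentication. The setting names `network.host`, `http.host` and `xpack.security.enabled` are Elasticsearch settings the article does not name, the sample configs are constructed, and treating a missing security setting as "no authentication" is an assumption that fits releases without a security plugin enabled.

```python
import ipaddress

# Constructed sample configs in the flat "key: value" form of elasticsearch.yml.
EXPOSED = "cluster.name: catalog\nnetwork.host: 0.0.0.0\nhttp.port: 9200\n"
HARDENED = "cluster.name: catalog\nnetwork.host: [_local_, 10.0.0.5]\nxpack.security.enabled: true\n"
LOCAL_ONLY = "cluster.name: dev  # defaults everywhere else\n"

def parse_flat(text):
    """Read 'dotted.key: value' lines, ignoring comments and blanks."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            cfg[key.strip()] = value.strip().strip("\"'")
    return cfg

def reachable(host):
    """True when a bind value listens beyond the loopback interface."""
    if host in ("_local_", "localhost"):
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # _site_, _global_, interface or DNS names: assume reachable

def audit(text):
    """Return findings for one config; an empty list means nothing flagged."""
    cfg = parse_flat(text)
    # http.host overrides network.host for the REST API; the default is loopback.
    raw = cfg.get("http.host") or cfg.get("network.host") or "_local_"
    hosts = [h.strip() for h in raw.strip("[]").split(",") if h.strip()]
    open_bind = [h for h in hosts if reachable(h)]
    # Assumption: a missing xpack.security.enabled means no authentication.
    auth = cfg.get("xpack.security.enabled", "false").lower() == "true"
    findings = []
    if open_bind and not auth:
        findings.append("CRITICAL: REST API on %s without authentication" % ", ".join(open_bind))
    elif not auth:
        findings.append("WARN: no authentication, loopback-only bind")
    return findings

if __name__ == "__main__":
    for name, sample in (("exposed", EXPOSED), ("hardened", HARDENED), ("local", LOCAL_ONLY)):
        print(name, audit(sample) or "ok")
```

A clean result from this audit only covers the node's own settings; firewall rules and cloud security groups still decide whether port 9200 is reachable from the Internet.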