{"id":3969,"date":"2017-01-16T16:02:12","date_gmt":"2017-01-16T21:02:12","guid":{"rendered":"http:\/\/local.brightwhiz\/?p=3969"},"modified":"2017-01-16T16:02:12","modified_gmt":"2017-01-16T21:02:12","slug":"elasticsearch-servers-ransom-attacks","status":"publish","type":"post","link":"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/","title":{"rendered":"Elasticsearch Servers Being Wiped out in MongoDb Style Ransom Attacks"},"content":{"rendered":"<p>Just as victims are coming to terms with their <a href=\"http:\/\/local.brightwhiz\/ransomware-mongodb-databases\/\">MongoDB databases being hit<\/a> with mass random attacks, <a href=\"\/\/local.brightwhiz\/tag\/elasticsearch\/\">Elasticsearch<\/a> servers have become victim to the <a href=\"\/\/local.brightwhiz\/tag\/mongodb\/\">MongoDB<\/a> inspired mass attacks.<!--more--><\/p>\n<p>Elasticsearch is a <a href=\"\/\/local.brightwhiz\/tag\/java\/\">Java<\/a> based search engine popularly used in the enterprise space for information cataloging and data analysis.<\/p>\n<h2>The Attacks Against Elasticsearch Servers<\/h2>\n<p>Within three days close to three thousand insecure servers had been wiped out after <a href=\"\/\/local.brightwhiz\/tag\/hackers\/\">hackers <\/a>took over the systems. With more than 34,000 unsecured servers still open to the <a href=\"\/\/local.brightwhiz\/tag\/internet\/\">Internet<\/a>, this is proving to be another gold mine for ransom demanding hackers and coordinated hoaxes.<\/p>\n<p>According to a Twit by John Matherly, founder of <a href=\"https:\/\/www.shodan.io\/\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">Shodan<\/a>, the world&#8217;s first search engine for Internet-connected devices. Of the close to the 35,000 exposed Elasticsearch servers, majority of them are hosted on Amazon Web Services infrastructure.<\/p>\n<p>The hackers are taking over these servers by using tools and online services to detect open servers with no authentication at all. This is possible as like MongoDB <a href=\"\/\/local.brightwhiz\/tag\/database\/\">databases<\/a> and Elasticsearch servers allow configurations without authentication.<\/p>\n<p>0.2 <a href=\"\/\/local.brightwhiz\/tag\/bitcoin\/\">Bitcoins<\/a> (BTC) is the going rate for the ransoms but all bets are off that this figure could rise. It is also not a guarantee that paying the ransom will get your data restored. In short attackers are taking advantage of the situation to play hoaxes on the victims.<\/p>\n<p>Systems Admins and DevOps more than ever need to be proactive in the securing of their online facing services. One can always use services like Shodan to scan their public IP addresses to see what the attackers could potentially have access to.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just as victims are coming to terms with their MongoDB databases being hit with mass random attacks, Elasticsearch servers have become victim to the MongoDB inspired mass attacks.<\/p>\n","protected":false},"author":1,"featured_media":3970,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[98,177,180,215,288,313,320,384,497,526,531,543],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>MongoDb Style Mass Ransom Attacks Hit Elasticsearch Servers<\/title>\n<meta name=\"description\" content=\"Thousands of unsecured Elasticsearch servers hit with MongoDb database mass ransom attacks seeing all their data wiped out in exchange for Bitcoin payouts\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"MongoDb Style Mass Ransom Attacks Hit Elasticsearch Servers\" \/>\n<meta property=\"og:description\" content=\"Thousands of unsecured Elasticsearch servers hit with MongoDb database mass ransom attacks seeing all their data wiped out in exchange for Bitcoin payouts\" \/>\n<meta property=\"og:url\" content=\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"Brightwhiz.com\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/brightwhiz\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-01-16T21:02:12+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/ElasticSearch.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michael Bright\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@brightwhizmag\" \/>\n<meta name=\"twitter:site\" content=\"@brightwhizmag\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Bright\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/\"},\"author\":{\"name\":\"Michael Bright\",\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/person\/81f0f3126f13834ae2e7f381b3028e32\"},\"headline\":\"Elasticsearch Servers Being Wiped out in MongoDb Style Ransom Attacks\",\"datePublished\":\"2017-01-16T21:02:12+00:00\",\"dateModified\":\"2017-01-16T21:02:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/\"},\"wordCount\":270,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/local.brightwhiz\/#organization\"},\"image\":{\"@id\":\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/ElasticSearch.jpg\",\"keywords\":[\"Bitcoin\",\"Data\",\"Database\",\"Elasticsearch\",\"Hackers\",\"InfoSec\",\"Internet\",\"MongoDB\",\"Ransomware\",\"Security\",\"Server\",\"Software Design\"],\"articleSection\":[\"News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/\",\"url\":\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/\",\"name\":\"MongoDb Style Mass Ransom Attacks Hit Elasticsearch Servers\",\"isPartOf\":{\"@id\":\"http:\/\/local.brightwhiz\/#website\"},\"primaryImageOfPage\":{\"@id\":\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#primaryimage\"},\"image\":{\"@id\":\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/ElasticSearch.jpg\",\"datePublished\":\"2017-01-16T21:02:12+00:00\",\"dateModified\":\"2017-01-16T21:02:12+00:00\",\"description\":\"Thousands of unsecured Elasticsearch servers hit with MongoDb database mass ransom attacks seeing all their data wiped out in exchange for Bitcoin payouts\",\"breadcrumb\":{\"@id\":\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#primaryimage\",\"url\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/ElasticSearch.jpg\",\"contentUrl\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/ElasticSearch.jpg\",\"width\":1200,\"height\":630,\"caption\":\"Elasticsearch servers\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/local.brightwhiz\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Elasticsearch Servers Being Wiped out in MongoDb Style Ransom Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/local.brightwhiz\/#website\",\"url\":\"http:\/\/local.brightwhiz\/\",\"name\":\"Brightwhiz.com\",\"description\":\"Best Tech guides, Tutorials, and News\",\"publisher\":{\"@id\":\"http:\/\/local.brightwhiz\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/local.brightwhiz\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"http:\/\/local.brightwhiz\/#organization\",\"name\":\"Brightwhiz\",\"url\":\"http:\/\/local.brightwhiz\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/logo\/image\/\",\"url\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2021\/11\/brightwhiz-com-logo-orange.png\",\"contentUrl\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2021\/11\/brightwhiz-com-logo-orange.png\",\"width\":706,\"height\":135,\"caption\":\"Brightwhiz\"},\"image\":{\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/brightwhiz\/\",\"https:\/\/twitter.com\/brightwhizmag\",\"https:\/\/instagram.com\/bright_whiz\/\",\"https:\/\/www.pinterest.com\/sobbayi\/\",\"https:\/\/www.youtube.com\/channel\/UC6sCdP_d_RiTIM7ErFT-PSQ\"]},{\"@type\":\"Person\",\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/person\/81f0f3126f13834ae2e7f381b3028e32\",\"name\":\"Michael Bright\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/person\/image\/\",\"url\":\"http:\/\/1.gravatar.com\/avatar\/da90485875ff0aafa38fdd494abe87d1?s=96&d=mm&r=g\",\"contentUrl\":\"http:\/\/1.gravatar.com\/avatar\/da90485875ff0aafa38fdd494abe87d1?s=96&d=mm&r=g\",\"caption\":\"Michael Bright\"},\"sameAs\":[\"https:\/\/sobbayi.com\"],\"url\":\"http:\/\/local.brightwhiz\/author\/sobbayiadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"MongoDb Style Mass Ransom Attacks Hit Elasticsearch Servers","description":"Thousands of unsecured Elasticsearch servers hit with MongoDb database mass ransom attacks seeing all their data wiped out in exchange for Bitcoin payouts","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/","og_locale":"en_US","og_type":"article","og_title":"MongoDb Style Mass Ransom Attacks Hit Elasticsearch Servers","og_description":"Thousands of unsecured Elasticsearch servers hit with MongoDb database mass ransom attacks seeing all their data wiped out in exchange for Bitcoin payouts","og_url":"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/","og_site_name":"Brightwhiz.com","article_publisher":"https:\/\/www.facebook.com\/brightwhiz\/","article_published_time":"2017-01-16T21:02:12+00:00","og_image":[{"width":1200,"height":630,"url":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/ElasticSearch.jpg","type":"image\/jpeg"}],"author":"Michael Bright","twitter_card":"summary_large_image","twitter_creator":"@brightwhizmag","twitter_site":"@brightwhizmag","twitter_misc":{"Written by":"Michael Bright","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#article","isPartOf":{"@id":"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/"},"author":{"name":"Michael Bright","@id":"http:\/\/local.brightwhiz\/#\/schema\/person\/81f0f3126f13834ae2e7f381b3028e32"},"headline":"Elasticsearch Servers Being Wiped out in MongoDb Style Ransom Attacks","datePublished":"2017-01-16T21:02:12+00:00","dateModified":"2017-01-16T21:02:12+00:00","mainEntityOfPage":{"@id":"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/"},"wordCount":270,"commentCount":0,"publisher":{"@id":"http:\/\/local.brightwhiz\/#organization"},"image":{"@id":"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#primaryimage"},"thumbnailUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/ElasticSearch.jpg","keywords":["Bitcoin","Data","Database","Elasticsearch","Hackers","InfoSec","Internet","MongoDB","Ransomware","Security","Server","Software Design"],"articleSection":["News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/","url":"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/","name":"MongoDb Style Mass Ransom Attacks Hit Elasticsearch Servers","isPartOf":{"@id":"http:\/\/local.brightwhiz\/#website"},"primaryImageOfPage":{"@id":"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#primaryimage"},"image":{"@id":"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#primaryimage"},"thumbnailUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/ElasticSearch.jpg","datePublished":"2017-01-16T21:02:12+00:00","dateModified":"2017-01-16T21:02:12+00:00","description":"Thousands of unsecured Elasticsearch servers hit with MongoDb database mass ransom attacks seeing all their data wiped out in exchange for Bitcoin payouts","breadcrumb":{"@id":"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#primaryimage","url":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/ElasticSearch.jpg","contentUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/ElasticSearch.jpg","width":1200,"height":630,"caption":"Elasticsearch servers"},{"@type":"BreadcrumbList","@id":"http:\/\/local.brightwhiz\/elasticsearch-servers-ransom-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/local.brightwhiz\/"},{"@type":"ListItem","position":2,"name":"Elasticsearch Servers Being Wiped out in MongoDb Style Ransom Attacks"}]},{"@type":"WebSite","@id":"http:\/\/local.brightwhiz\/#website","url":"http:\/\/local.brightwhiz\/","name":"Brightwhiz.com","description":"Best Tech guides, Tutorials, and News","publisher":{"@id":"http:\/\/local.brightwhiz\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/local.brightwhiz\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"http:\/\/local.brightwhiz\/#organization","name":"Brightwhiz","url":"http:\/\/local.brightwhiz\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/local.brightwhiz\/#\/schema\/logo\/image\/","url":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2021\/11\/brightwhiz-com-logo-orange.png","contentUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2021\/11\/brightwhiz-com-logo-orange.png","width":706,"height":135,"caption":"Brightwhiz"},"image":{"@id":"http:\/\/local.brightwhiz\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/brightwhiz\/","https:\/\/twitter.com\/brightwhizmag","https:\/\/instagram.com\/bright_whiz\/","https:\/\/www.pinterest.com\/sobbayi\/","https:\/\/www.youtube.com\/channel\/UC6sCdP_d_RiTIM7ErFT-PSQ"]},{"@type":"Person","@id":"http:\/\/local.brightwhiz\/#\/schema\/person\/81f0f3126f13834ae2e7f381b3028e32","name":"Michael Bright","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/local.brightwhiz\/#\/schema\/person\/image\/","url":"http:\/\/1.gravatar.com\/avatar\/da90485875ff0aafa38fdd494abe87d1?s=96&d=mm&r=g","contentUrl":"http:\/\/1.gravatar.com\/avatar\/da90485875ff0aafa38fdd494abe87d1?s=96&d=mm&r=g","caption":"Michael Bright"},"sameAs":["https:\/\/sobbayi.com"],"url":"http:\/\/local.brightwhiz\/author\/sobbayiadmin\/"}]}},"_links":{"self":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/posts\/3969"}],"collection":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/comments?post=3969"}],"version-history":[{"count":0,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/posts\/3969\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/media\/3970"}],"wp:attachment":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/media?parent=3969"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/categories?post=3969"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/tags?post=3969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}