Database ransom attacks hit CouchDB and Hadoop servers

For the past week, unknown groups of cyber-criminals have taken control of and wiped data from CouchDB and Hadoop databases, in some cases asking for a ransom fee to return the stolen files, and in other cases destroying data just for fun.

Security experts who witnessed the first wave of attacks against MongoDB servers predicted that other database servers would be hit as well.

A week after the initial attacks on MongoDB, ElasticSearch clusters were also hit. At the time of writing, over 34,000 MongoDB servers and 4,600 ElasticSearch clusters have been held for ransom.

Attacks hit Hadoop servers, but there’s no ransom, just vandalism

Speaking to Bleeping Computer, Gevers said that starting last week, January 12, an unknown attacker going by the name of NODATA4U has been accessing Hadoop data stores, wiping data, and replacing all tables with an entry named “NODATA4U_SECUREYOURSHIT.”

It is unclear at the moment whether the sole group of attackers, going by the name r3l4x, is exporting stolen data or blatantly deleting it and asking for a ransom anyway.

1st actor #CouchDb ransomware r3l4x@sigaint.org Wallet 1NXMT2qLPeKjjpDsnYtgimJA8X2Y5f2r2 0.2BTC Unknown number of victims pic.twitter.com/hRMvdEK8ZJ

since there are not so many open instances of @couchdb online, sometimes there is a place for joke when dealing with #Ransomware pic.twitter.com/9wtZ3cSRsI

Just like they did for the MongoDB and ElasticSearch attacks, Gevers and Merrigan have put together two Google spreadsheets for tracking the Hadoop and CouchDB attacks.


Two warnings were issued last week regarding ElasticSearch and Hadoop attacks, and Gevers and Merrigan are working with CERT teams to send out one for CouchDB as well.

Their efforts have paid off. “Many critical Hadoop servers were pulled offline last weekend, and a few on Monday,” Gevers told Bleeping Computer.

Since more and more groups are joining the attacks, and targeting more database types, it’s getting harder for the two to keep track of all attacks.

That’s why three other security researchers have joined their efforts. These are Bob Diachenko from the MacKeeper Security Research Center, Matt Bromiley from 505Forensics, and Dylan Katz from GitPrime.

As a final note, users affected by these attacks can reach out to the researchers for help. It’s also worth mentioning that in many of these attacks, the perpetrators don’t save a copy of the stolen data, and many victims paid the ransom without ever recovering their data.
