Crypto-ransomware operators sell a tool to attack systems using MongoDB, Hadoop and ElasticSearch

In early January of this year, a group of 21 hackers conducted a large-scale series of cyber attacks whose victims were systems using MongoDB. Over five days, about 21,600 MongoDB databases were infected, and the attackers calling themselves the Kraken Group alone received ransoms totalling 9.8 BTC (about $7,700).
But even after active countermeasures and coverage of the problem in the foreign professional press and blogosphere, the hackers are not going to stop. By the end of January, everyone who was willing to pay had paid.
After the main wave of ransoms dried up, and confusion arose among the hackers themselves over who had infected what, the Kraken Group decided to make some extra money and started selling the tool with which they attacked the databases. The script costs only $200. At the same time, the ransom the attackers demanded for a database was 0.2 BTC, or about $184.
selling Kraken Mongodb ransomware C# source code
price: 200USD in bitcoins
This [EXPLETIVE] is very fast Multi-Threaded can handle 1000+ ips per second and way more if you got powerful 10GBs port
CPU load is very low, RAM is important if you have big ip list (included with source code)
what you'll get:
* kraken source code
* 100,000 ip list with mongodb open
* mass mongodb scanner to scan the whole internet ip range for open mongodbs
Announcement of sale on Pastebin
In total, according to ZoomEye statistics, there are about 100,000 open systems on the network that use MongoDB, and their IP addresses are offered along with the tool. The Kraken Group infected almost a fifth of them. Some systems the attackers could not physically reach, and some administrators secured their systems once the attack became widely known.
The attack targeted open databases that were found by scanning the network. That is, the attackers exploit not a vulnerability in the database itself but only the laziness of administrators. About a week ago, the hackers added scanning for open Hadoop and ElasticSearch databases to the script.
If you administer one of these databases, make sure it is reliably protected.