Cryptographers sell tools to attack systems using MongoDB, Hadoop and ElasticSearch

In early January of this year, a group of 21 hackers conducted a large-scale series of cyber attacks , the victims of which were systems using MongoDB. In five days, about 21,600 MongoDB databases were infected, and only attackers who call themselves Kraken Group received ransoms worth 9.8 BTC (about $ 7,700).

But even after actively resisting the attack and covering the problem in the foreign professional press and blogosphere, hackers are not going to stop. By the end of January, everyone who wanted to pay, paid, but the group is not going to stop.

After the main wave of ransoms dried up, and in the ranks of the hackers themselves, the confusion on the subject “who infected what” began, the Kraken Group decided to make some extra money and the hackers started selling the tool with which they attacked the databases. The cost of the script is only $ 200. At the same time, the size of the database ransom from intruders was 0.2 BTC or about $ 184.
')

selling Kraken Mongodb ransomware c # source code

price: 200USD in bitcoins

This [EXPLETIVE] is very fast Multi-Threaded can handle 1000+ ips per second 10
CPU load is very low, RAM is important if you have a big ip list (included with source code)

what you'll get:
* kraken source code
* 100,000 ip list with mongodb open
* mongodbs mass mongodb

Pastebin sale ad

In total, according to ZoomEye statistics, there are about 100,000 open systems on the network that use MongoDB, the IP addresses of which are offered along with the tool. Kraken Group has infected almost a fifth of them. They could not reach someone physically, some of the administrators took steps to ensure the security of the system when it became widely known about the attack.

Attacks were exposed to open databases that were found on the network by parsing. That is, the attackers do not exploit the vulnerability in the database itself, but only lazy administrators. About a week ago, hackers added a scan of open databases to Hadoop and ElasticSearch to the script.

If you are the administrator of one of these databases, make sure that they are protected.