Ongoing coverage of wide-scale ransom attack in progress: How to protect Internet-facing data stores

A new trend of ransom attacks has emerged on the internet, initially affecting MongoDB installations but now expanding to include Elasticsearch clusters and potentially other technologies. Over 34,000 MongoDB databases have been erased, while over 1,600 Elasticsearch instances have been compromised. The most at-risk technologies currently are MongoDB, Elasticsearch, Redis, Cassandra, and Hadoop. To prevent these attacks, users should perform backups of their data, configure authentication on datastores if available, reconfigure environments to isolate datastores from the internet, restrict access via IP white-lists, and conduct immediate adversarial assessment of their internet perimeter.