Polecat, a Data Analytics Agency Held to Ransom After Leaving a Server Unsecured
It looks like 30 TB of data was exposed, most likely because of human error.
30 TB of data was exposed after an unsecured server belonging to a data analytics company was hacked, making the company a victim of ransomware.
Who is Polecat?
Polecat is a UK-based agency that offers a combination of advanced data analytics and human expertise, [to help] the world’s largest organizations achieve reputation, risk, and ESG (environmental, social, and governance) management success.
How did this happen?
Polecat left an unsecured Elasticsearch server exposed.
The server held well-protected usernames and hashed passwords belonging to Polecat's employees, showing that Polecat was compliant with the security measures required to protect its data and that the server exposure was probably the result of human error.
The Meow attack
A Meow attack replaces the original index with a newly created one with the suffix “-meow”. Usually, there are no ransomware demands or any other explanatory note, so it’s believed the attackers are executing these massive attacks just for the fun of it.
It took only a day for Polecat’s exposed server to be attacked: on October 30th, a Meow attack was launched against the database, replacing indexes with ones carrying the suffix ‘gg-meow’ and destroying swathes of data.
It looks like approximately half of the firm’s records were wiped, and then, in a second wave, a further few terabytes of information were deleted, meaning that 30 TB of data were compromised during the attack.
According to Wizcase, the attack did not end there: a third attacker deleted most of the remaining records and left behind a ransom note asking for 0.04 bitcoin to return the stolen data.
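A defender-side triage check for the index-replacement pattern described above, added here as an example and not taken from the original article or from Wizcase. It assumes the input is the JSON output of Elasticsearch's `GET /_cat/indices?format=json&h=index,docs.count,creation.date`; the sample rows, index names and timestamps are constructed.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample of `GET /_cat/indices?format=json&h=index,docs.count,creation.date`
# (index names, counts and timestamps are invented for illustration).
SAMPLE = json.loads("""[
  {"index": "articles-000001", "docs.count": "1820344", "creation.date": "1690000000000"},
  {"index": "k3x9qpl2ab-meow", "docs.count": "0", "creation.date": "1700000000000"},
  {"index": "7hd2mzt0wq-gg-meow", "docs.count": "0", "creation.date": "1700003600000"},
  {"index": ".kibana_1", "docs.count": "12", "creation.date": "1690000100000"},
  {"index": "meow-team-notes", "docs.count": "40", "creation.date": "1690000200000"}
]""")

# Suffix match only: "-meow" at the end of the name, which also covers "gg-meow".
# A legitimate index that merely contains "meow" elsewhere is not flagged.
MEOW_SUFFIX = re.compile(r"-meow$", re.IGNORECASE)

def triage(cat_indices):
    """Split a _cat/indices listing into wiper marker indices and survivors."""
    markers, survivors = [], []
    for row in cat_indices:
        name = row["index"]
        if MEOW_SUFFIX.search(name):
            # creation.date is epoch milliseconds, returned as a string
            created = datetime.fromtimestamp(int(row["creation.date"]) / 1000, tz=timezone.utc)
            markers.append((created, name))
        elif not name.startswith("."):  # skip system indices such as .kibana_1
            # docs.count is null for closed indices, so fall back to 0
            survivors.append((name, int(row["docs.count"] or 0)))
    markers.sort()
    return {
        "compromised": bool(markers),
        # the earliest marker creation time bounds when the first wipe happened
        "first_marker_utc": markers[0][0].isoformat() if markers else None,
        "marker_indices": [name for _, name in markers],
        "surviving_indices": survivors,
    }

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

The earliest marker timestamp gives responders a starting point for choosing which snapshot to restore from, and the survivor list shows what still needs to be protected before a further wave.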
The exposed information was publicly accessible and could have been downloaded to be sold later to competitors, possibly directly impacting Polecat’s business.
Polecat secured the server as soon as they were notified by Wizcase, but the security breach left the attackers enough time to do real damage.