Enfilade: Detecting Ransomware Infections in MongoDB

Challenge: Increase in Ransomware infections in MongoDB instances

As part of ongoing research, let’s quickly look into a snippet of live MongoDB ransomware infections. The list is not exhaustive but gives you an insight into the problem.

Attackers are targeting MongoDB instances to conduct nefarious operations on the Internet. Cybercriminals target exposed MongoDB instances and trigger infections at scale to exfiltrate data, destroy data, and extort money via ransom. For example, one of the significant threats MongoDB deployments face is ransomware. During this talk, we will release a tool named “ENFILADE” to detect potential infections in MongoDB instances. The tool allows security researchers, penetration testers, and threat intelligence experts to detect compromised and infected MongoDB instances running malicious code. The tool also enables you to conduct efficient research in the field of malware targeting cloud databases.

The Enfilade tool is available at: https://github.com/adityaks/enfilade

Check the tool slides below:

Enfilade Overview

Note: This is the first release of the tool, and we expect to add more modules in the near future. This work is done in collaboration with the Research Team at the Office of the CTO, F5 (https://www.f5.com/company/octo).





Aditya K Sood
