[BreachExchange] Data Analytics Agency Polecat Held To Ransom After Server Exposed 30TB Of Records

Destry Winant destry at riskbasedsecurity.com
Fri Mar 5 11:29:58 EST 2021


https://www.ehackingnews.com/2021/03/data-analytics-agency-polecat-held-to.html

On October 29, 2020, the Wizcase CyberResearch Team, led by Ata
Hakcil, discovered that an Elasticsearch server owned by Polecat
exposed about 30TB of record data on the web, with no authentication
required to access the records and no form of encryption in place.

Polecat is a UK-based data agency that provides “a combination of
advanced data analytics and human expertise, [to help] the world’s
largest organizations achieve reputation, risk, and ESG
(environmental, social, and governance) management success,” its
official website reads.

The research team found records dating back to 2007 containing
important information, including employees’ usernames and passwords,
social media records, around 6.5 billion tweets, and around one
billion posts originating from independent websites and blogs.

Polecat’s cyber research team ‘Chase Williams’ reported the discovery
in a blog post published on March 1, 2021.

The public information collected by Polecat is drawn from daily
events and covers subjects such as Covid-19, politicians, firearms,
racism, and healthcare. Polecat was warned by the Wizcase research
team about the data ransom on October 30 and the first of November
2020. Nevertheless, it takes only seconds for an open, unsecured
server or bucket to be found and exploited by malicious actors, and
this took place a day after the researchers’ findings.

“On October 30, a Meow attack was launched against the database. Meow
attacks replace database indexes with the suffix ‘gg-meow’, leading to
the destruction of swathes of data,” Wizcase said.

It added that “approximately half of the firm’s records were
wiped, and then in a second wave a further few terabytes of
information were deleted. At this point, roughly 4TB remained in the
server. Most of these records were then destroyed and a ransom note
was spotted by the researchers that demanded 0.04 Bitcoin (BTC) –
roughly $550 at the time – in return for the files’ recovery”.

The Wizcase research team warned against these types of scams, saying
it is essential to note that such cyberattacks are usually automated
and sent to many unprotected open databases.

