ZDNet reports that environments leveraging the Jupyter notebook open source web environment are being targeted by a novel Python ransomware strain.
Organizations with vulnerable environments are the focus of the new ransomware strain, according to researchers at Aqua Security's Team Nautilus. Attackers were able to obtain server access, open a terminal, and download encryptors and other malicious tools prior to manually generating a Python script that enabled ransomware execution. The report also revealed the encryptor's file copying and encryption capabilities, as well as its ability to delete unencrypted content and facilitate self-deletion.
"The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack. Since Jupyter notebooks are used to analyze data and build data models, this attack can lead to significant damage to organizations if these environments aren't properly backed up," said researchers.
The program that kicked off last year is going global, with applicants judged based on criteria including location, size of district and current security posture in an attempt to maximize their effort.