Because Jupyter Notebook is used for data analysis, an attack can do a lot of damage in the absence of backups.
New ransomware written in the Python programming language attacks environments where Jupyter Notebook is used.
Jupyter Notebook is an open source web framework for data virtualization. Modular software is used for data modeling in science, computing and machine learning. The project supports more than forty programming languages and is used by companies such as Microsoft, IBM, Google, etc.
Aqua Security’s Nautilus research team recently discovered malware that uses Jupyter Notebook for its unsightly purposes.
Although Jupyter Notebook allows users to share content with trusted contacts, access to the application must be secured using credentials or tokens. However, just as companies often don’t secure their AWS buckets, they leave their Jupyter Notebook installations unsecured. The new ransomware targeted such installations.
The ransomware operators access the victim’s server, open a terminal, download a set of malicious tools, including a ransomware, and then manually generate a Python script that executes the ransomware. The ransomware copies and encrypts files, deletes all unencrypted content, and then deletes itself. Because Jupyter Notebook is used to analyze data and build data models, an attack can cause great damage to an organization if backups are not made.
Although the researchers were unable to attribute the ransomware to a specific cybercriminal group, they already know the hackers behind it.
Shodan is currently discovering several hundred internet-connected open and accessible Jupyter Notebook environments.