Source: https://cobaltstrike.net/2022/03/31/new-ransomware-attacks-jupyter-notebook-environments/
A new ransomware written in the Python programming language attacks environments where Jupyter Notebook is used.
Jupyter Notebook is an open-source web environment for data virtualization. The modular software is used for data modeling in science, computing and machine learning. The project supports more than forty programming languages and is used by companies such as Microsoft, IBM and Google.
Aqua Security’s Nautilus research team recently discovered malware that uses Jupyter Notebook for malicious purposes.
Although Jupyter Notebook allows users to share content with trusted contacts, access to the app must be secured with credentials or tokens. However, just as companies often fail to properly secure their AWS buckets, they also leave their Jupyter Notebook installations unprotected. The new ransomware is aimed at such installations.
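A defender can check a server's configuration file for the unprotected state described above. The following Python is an added example, not code from the article or from Aqua Security; the two config samples are constructed, and it assumes settings are written as literal `c.NotebookApp.*` or `c.ServerApp.*` assignments.

```python
import ast

# Constructed sample: a jupyter_notebook_config.py that leaves the server open.
WEAK_CONFIG = """
c.NotebookApp.ip = '0.0.0.0'
c.NotebookApp.token = ''
c.NotebookApp.password = ''
c.NotebookApp.allow_root = True
"""

# Constructed sample: loopback only, token left at its auto-generated default.
HARDENED_CONFIG = """
c.ServerApp.ip = '127.0.0.1'
c.ServerApp.allow_root = False
"""

APPS = {"NotebookApp", "ServerApp"}  # classic Notebook and Jupyter Server


def read_settings(config_text):
    """Collect literal `c.<App>.<trait> = value` assignments from a config file."""
    settings = {}
    for node in ast.walk(ast.parse(config_text)):
        if not (isinstance(node, ast.Assign) and len(node.targets) == 1):
            continue
        target = node.targets[0]
        if (isinstance(target, ast.Attribute)
                and isinstance(target.value, ast.Attribute)
                and target.value.attr in APPS):
            try:
                settings[target.attr] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                settings[target.attr] = None  # computed value, cannot judge statically
    return settings


def audit(config_text):
    """Return findings for settings that leave the server unauthenticated or exposed."""
    s = read_settings(config_text)
    findings = []
    if s.get("token") == "" and s.get("password", "") == "":
        findings.append("authentication disabled: empty token and no password")
    if s.get("ip") in ("0.0.0.0", "*", "::"):
        findings.append("listening on all interfaces")
    if s.get("allow_root") is True:
        findings.append("server allowed to run as root")
    return findings
```

An unset token is not flagged because Jupyter generates a random one at startup; only an explicitly emptied token with no password counts as disabled authentication.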
Ransomware operators gain access to the victim’s server, open a terminal, download a set of malicious tools, including an encryptor, and then manually generate a Python script that executes the ransomware. The encryptor copies and encrypts files, deletes all unencrypted content, and then deletes itself. Since Jupyter Notebook is used to analyze data and build data models, an attack can cause great damage to an organization if backups have not been made.
Although the researchers were unable to attribute the ransomware to a specific cybercrime group, they already know the hackers behind it.
Shodan is currently detecting several hundred open and accessible Jupyter Notebook environments connected to the Internet.