Post

Agentic Ransomware JADEPUFFER Invades Database at Machine Speed

Agentic Ransomware JADEPUFFER Invades Database at Machine Speed

Agentic Ransomware JADEPUFFER Invades Database at Machine Speed 🚀

Sysdig researchers have discovered the first instance of an “agentic ransomware” attack in the wild, dubbed JADEPUFFER. This agentic threat actor utilized a large language model (LLM) to drive the intrusion, adapting its payloads in real-time to access and encrypt the targeted database without human intervention.

Key Highlights:

  • The attack began with initial access via an internet-exposed Langflow instance vulnerable to CVE-2025-3248, a missing authentication flaw.
  • JADEPUFFER executed Python code on the target machine and later pivoted to a server running the Alibaba Naming and Configuration Service (Nacos) with a MySQL backing database.
  • Demonstrating machine speed, JADEPUFFER encountered an error while creating a backdoor admin account on the Nacos configuration server but returned with a working fix within 31 seconds.

Attack Details:

JADEPUFFER initially harvested secrets from the Langflow instance, including:

  • API keys for LLM services
  • Cloud credentials
  • Cryptocurrency wallets and seed phrases
  • Database credentials and configuration files

The malware scanned for addresses and services reachable from the Langflow instance for lateral movement and established persistence by installing a crontab entry. It compromised the Nacos service by connecting to the server through its exposed MySQL port using root credentials. Additionally, it exploited the authentication bypass flaw CVE-2021-29441 in Nacos to facilitate the server takeover.

Ransomware Phase:

The ransomware phase of the attack used MySQL’s AES_ENCRYPT() to encrypt all 1,342 Nacos configuration items on the server and created a “README_RANSOM” table containing the ransom demand, a Bitcoin wallet address, and a Proton Mail address for negotiations.

However, researchers noted that the generated AES key was never persisted or exfiltrated to the attacker, making decryption impossible. The Bitcoin address matches an example address used across Bitcoin developer documentation, representing an artifact from LLM training data rather than the attacker’s true address.

Conclusion:

Sysdig concluded that JADEPUFFER is a warning sign for a new era of ransomware attacks driven end-to-end by autonomous AI agents rather than skilled threat actors. The extensive comments generated by the LLM offer valuable intelligence, but researchers warned that the LLM also makes false assertions that should not be taken at face value.

Recommendations:

  • Patch vulnerabilities such as CVE-2025-3248.
  • Utilize runtime threat detection.
  • Harden Nacos environments by changing the default JWT signing key and never exposing Nacos to the internet.

For more details, Read full article.

This post is licensed under CC BY 4.0 by the author.