SOC Prime Bias: Critical

08 Jul 2026 16:09 UTC

JADEPUFFER Uses Agentic Ransomware for Automated Database Extortion

Author Photo
SOC Prime Team linkedin icon Follow
JADEPUFFER Uses Agentic Ransomware for Automated Database Extortion
shield icon

Detection stack

  • AIDR
  • Alert
  • ETL
  • Query

Summary

JADEPUFFER represents the first publicly documented example of agentic ransomware, an extortion campaign operated end to end by a Large Language Model. The actor exploits weaknesses in internet-facing Langflow instances to obtain initial access and then independently carries out reconnaissance, lateral movement, and database destruction. The operation stands out for its self-narrating payloads and its ability to adapt decisions in real time.

Investigation

The Sysdig Threat Research Team observed JADEPUFFER abusing CVE-2025-3248 to run arbitrary Python code on a Langflow host. Their investigation followed the agent as it moved from collecting cloud credentials and enumerating MinIO buckets to compromising a production MySQL and Nacos server. The research also showed the agent diagnosing operational failures, including bcrypt implementation problems and foreign key constraints, within seconds.

Mitigation

Key defensive steps include patching Langflow to remediate CVE-2025-3248 and hardening Nacos by replacing default JWT signing keys. Organizations should avoid exposing code-execution interfaces or database administrative accounts directly to the internet. Strict egress controls and careful scoping of cloud credentials away from web-accessible processes are also strongly recommended.

Response

If JADEPUFFER activity is detected, responders should isolate affected Langflow and Nacos systems immediately. Database configurations should be validated, and hosts should be checked for unauthorized crontab entries or newly created administrative users. Teams should also monitor network traffic for connections to the identified command-and-control and exfiltration infrastructure and review cloud environments for compromised provider API keys.

Attack Flow

Simulation Execution

Prerequisite: The Telemetry & Baseline Pre-flight Check must have passed.

Rationale: This section details the precise execution of the adversary technique (TTP) designed to trigger the detection rule. The commands and narrative MUST directly reflect the TTPs identified and aim to generate the exact telemetry expected by the detection logic. Abstract or unrelated examples will lead to misdiagnosis.

  • Attack Narrative & Commands: The adversary has gained initial access to a Windows-based application server. They aim to perform automated database extortion (JADEPUFFER). First, they utilize a Python script containing hardcoded root credentials to connect to the nacos database to exfiltrate configuration data. Second, they execute a series of SQL commands to encrypt sensitive table columns using the AES_ENCRYPT function. This mimics the “agentic” nature of the ransomware which automates the destruction of data visibility to demand payment.

  • Regression Test Script:

    import pymysql
    
    # Simulation of JADEPUFFER Unauthorized Access (T1548/T1136.002 context)
    # Target: Nacos configuration database
    try:
        connection = pymysql.connect(
            host="localhost", 
            port=3306, 
            user="root", 
            password="password123", # Simulated stolen credential
            database="nacos"
        )
        print("[+] Successfully connected to Nacos as root.")
    
        with connection.cursor() as cursor:
            # Simulation of JADEPUFFER Encryption (T1053.003 context)
            # This specific syntax is designed to trigger the detection rule
            print("[*] Executing AES_ENCRYPT to simulate extortion...")
            sql_extort = "UPDATE configs SET content = AES_ENCRYPT('sensitive_data', 'secret_key') WHERE id = 1;"
            cursor.execute(sql_extort)
            connection.commit()
            print("[+] Extortion telemetry generated.")
    
        connection.close()
    except Exception as e:
        print(f"[-] Simulation failed: {e}")
  • Cleanup Commands:

    -- Restore the 'content' column to a non-encrypted state for the testing environment
    UPDATE configs SET content = 'original_unencrypted_data' WHERE id = 1;
    -- Ensure the simulated root connection is terminated