JADEPUFFER Uses Agentic Ransomware for Automated Database Extortion
Detection stack
- AIDR
- Alert
- ETL
- Query
Summary
JADEPUFFER represents the first publicly documented example of agentic ransomware, an extortion campaign operated end to end by a Large Language Model. The actor exploits weaknesses in internet-facing Langflow instances to obtain initial access and then independently carries out reconnaissance, lateral movement, and database destruction. The operation stands out for its self-narrating payloads and its ability to adapt decisions in real time.
Investigation
The Sysdig Threat Research Team observed JADEPUFFER abusing CVE-2025-3248 to run arbitrary Python code on a Langflow host. Their investigation followed the agent as it moved from collecting cloud credentials and enumerating MinIO buckets to compromising a production MySQL and Nacos server. The research also showed the agent diagnosing operational failures, including bcrypt implementation problems and foreign key constraints, within seconds.
Mitigation
Key defensive steps include patching Langflow to remediate CVE-2025-3248 and hardening Nacos by replacing default JWT signing keys. Organizations should avoid exposing code-execution interfaces or database administrative accounts directly to the internet. Strict egress controls and careful scoping of cloud credentials away from web-accessible processes are also strongly recommended.
Response
If JADEPUFFER activity is detected, responders should isolate affected Langflow and Nacos systems immediately. Database configurations should be validated, and hosts should be checked for unauthorized crontab entries or newly created administrative users. Teams should also monitor network traffic for connections to the identified command-and-control and exfiltration infrastructure and review cloud environments for compromised provider API keys.
Attack Flow
Detections
Possible Crontab Usage for Direct Execution (via cmdline)
View
Suspicious File Or Directory in Linux /tmp Folder (via file_event)
View
JADEPUFFER Ransomware Database Extortion Detection [Windows Process Creation]
View
Langflow Unauthenticated RCE and Cron Persistence Detection [Linux Process Creation]
View
Simulation Execution
Prerequisite: The Telemetry & Baseline Pre-flight Check must have passed.
Rationale: This section details the precise execution of the adversary technique (TTP) designed to trigger the detection rule. The commands and narrative MUST directly reflect the TTPs identified and aim to generate the exact telemetry expected by the detection logic. Abstract or unrelated examples will lead to misdiagnosis.
-
Attack Narrative & Commands: The adversary has gained initial access to a Windows-based application server. They aim to perform automated database extortion (JADEPUFFER). First, they utilize a Python script containing hardcoded root credentials to connect to the
nacosdatabase to exfiltrate configuration data. Second, they execute a series of SQL commands to encrypt sensitive table columns using theAES_ENCRYPTfunction. This mimics the “agentic” nature of the ransomware which automates the destruction of data visibility to demand payment. -
Regression Test Script:
import pymysql # Simulation of JADEPUFFER Unauthorized Access (T1548/T1136.002 context) # Target: Nacos configuration database try: connection = pymysql.connect( host="localhost", port=3306, user="root", password="password123", # Simulated stolen credential database="nacos" ) print("[+] Successfully connected to Nacos as root.") with connection.cursor() as cursor: # Simulation of JADEPUFFER Encryption (T1053.003 context) # This specific syntax is designed to trigger the detection rule print("[*] Executing AES_ENCRYPT to simulate extortion...") sql_extort = "UPDATE configs SET content = AES_ENCRYPT('sensitive_data', 'secret_key') WHERE id = 1;" cursor.execute(sql_extort) connection.commit() print("[+] Extortion telemetry generated.") connection.close() except Exception as e: print(f"[-] Simulation failed: {e}") -
Cleanup Commands:
-- Restore the 'content' column to a non-encrypted state for the testing environment UPDATE configs SET content = 'original_unencrypted_data' WHERE id = 1; -- Ensure the simulated root connection is terminated