After MongoDB, ransomware groups hit exposed Elasticsearch clusters
After deleting data from thousands of publicly accessible MongoDB databases, ransomware groups have started doing the same with Elasticsearch clusters that are accessible from the internet and are not properly secured.
Elasticsearch is a Java-based search engine that’s popular in enterprise environments. It’s typically used in conjunction with log collection and data analytics and visualization platforms.
The first report of an Elasticsearch cluster being hit by ransomware appeared on Thursday on the official support forums, posted by a user who was running a test deployment accessible from the internet.