Security researchers found more than 1,200 cloud-based Elasticsearch databases that had been wiped. Attackers left behind a ransom note demanding a Bitcoin payment in return for the data getting restored. The average ransom demand was $620, payable to one of two Bitcoin wallets being used by attackers. The threat actor probably used an automated script to identify the vulnerable databases, wipe the data, and drop the ransom note. Data exposure is one obvious risk, not least if the information being stored is sensitive or subject to compliance requirements.”]
Source: https://www.databreachtoday.com/held-to-ransom-1200-unsecured-elasticsearch-databases-a-19177