Hackers are targeting Elasticsearch clusters with ransom attacks in the same way they have made with MongoDB. Elasticsearch is a Java-based search engine based on the free and open-source information retrieval software library Lucene. Experts suggest disabling features that users dont need such as dynamic scripting with non-sandboxed languages (mvel, groovy) used in old versions of Elasticsearch. The number of internet-accessible Elasticsearch installs are much greater, roughly 35,000.”]
Source: https://securityaffairs.co/wordpress/55327/hacking/elasticsearch.html