Researchers found more than 1,200 cloud-based Elasticsearch databases that had been wiped. Attackers left behind a ransom note demanding a Bitcoin payment to get the data restored. The average ransom demand was $620, payable to one of two Bitcoin wallets being used by attackers. The threat actor probably used an automated script to identify the vulnerable databases, wipe the data, and drop the ransom note, Secureworks says. Data exposure is one obvious risk, not least if the information being stored is sensitive.”]
Source: https://www.cuinfosecurity.com/held-to-ransom-1200-unsecured-elasticsearch-databases-a-19177