Researcher warns of Elasticsearch clusters held hostage
Niall Merrigan, one of the security researchers who reported this month on MongoDB databases being held for ransom, warns that attackers are now targeting servers running Elasticsearch. They use the same method and demand a ransom for restoring files.
Merrigan reports that about six hundred Elasticsearch servers are currently being held hostage. According to Shodan search engine founder John Matherly, there are a total of 35,000 servers that can be accessed via the internet. These are mainly Elasticsearch instances running on AWS servers. Here too, the attackers ask for 0.2 bitcoin as payment for restoring the data, which amounts to about 153 euros.
This method was previously used against MongoDB databases, which attackers can access because security is inadequate or missing. The number of databases held hostage was about 27,000 at the beginning of this week and has risen to about 34,000 during the week. The initially rapid growth in the number of databases held hostage has thus slowed down.
Elasticsearch is software for storing and searching large amounts of data. The organization behind it warns in its own message that attacks are taking place and offers users an explanation of how to secure their installation. Developer Itamar Syn-Hershko has dedicated a blog post to securing Elasticsearch in response to the attacks.