Two misconfigured Amazon Web Services-hosted Elasticsearch databases show evidence of a ransomware attack. This is from a Threat Post security article:
“Cloud storage misconfigurations continue to plague the data-privacy space, as evidenced by the new discovery of employment and health information for millions exposed on the web, wide open to any internet passerby.
Two misconfigured cloud databases inadvertently leaked personally identifiable information (PII) in the care of two companies: The Ladders headhunting and job recruitment site, and the SkyMed medical evacuation service. In the latter case, ransomware was found hiding in the mix.
The Ladders property is an Amazon Web Services-hosted Elasticsearch cloud database containing employment information for 13.7 million users. Security researcher and GDI Foundation member Sanyam Jain came across the data, which included names, email addresses, physical addresses and phone numbers. It also included typical resume fare, such as employment history, and in some cases, detailed job descriptions; it also listed security clearances.”