Mere days after thousands of MongoDB databases were hit by ransomware attacks Attack.Ransom , cybercriminals have set their sights on ElasticSearch servers , according to reports . Hackers have reportedly hijacked insecure servers exposed Vulnerability-related.DiscoverVulnerability to the internet with weak and easy-to-guess passwords . ElasticSearch is a Java-based search engine , commonly used by enterprises for information cataloguing and data analysis . According to security researcher Niall Merrigan , who has been monitoring the attacks Attack.Ransom , the cybercriminals are currently closing in on around 3,000 ElasticSearch servers . Merrigan told IBTimes UK : `` We found the first one on the 12th of Jan and then started tracking the different IOCs ( Indicators Of Compromise ) . The first actor has levelled off and looks like it has stopped . However , a second and third actor have joined in and are continuing to compromise servers . `` Attackers are finding open servers where there is no authentication at all . This can be done via a number of services and tools . Unfortunately , system admins and developers have been leaving these unauthenticated systems online for a while and attackers are just picking off the low hanging fruit right now . '' The recent MongoDB attacks Attack.Ransom saw hackers demand ransom Attack.Ransom and erasing data to ensure victims ' compliance . In the ongoing ElasticSearch attacks Attack.Ransom , the cybercriminals demand a ransom Attack.Ransom of 0.2 Bitcoins , according to a report by BleepingComputer . However , according to Merrigan , $ 20,000 in Bitcoins have already been paid Attack.Ransom by victims of the MongoDB attack Attack.Ransom . Despite paying the ransom Attack.Ransom , the victims have not received their data back . `` So in this case it is a scam , '' the researcher said .