On 5 November 2017, Wapack Labs identified potential targeting of the Elastic Stack (FKA ELK), for potential ransomware or extortion. While only two data points exist, this could suggest the beginning of a trend of attacks against Elastic instances. What is Elastic? The Elastic Stack, previously known as ELK, is an open source alternative to commercial aggregation and analysis tools like Splunk. With over 500,000 new downloads per month and 100M to date, Elastic is one of the largest distributions of analysis and visualization tools for high end analytics. Elastic is a plentiful target.
Wapack Labs has cataloged and reported on potential targeting of analysis tools in the past. An archive of related reporting can be found in the Red Sky Alliance portal.