P2PInfect, originally a dormant peer-to-peer malware botnet with unclear motives, has finally come alive to deploy a ransomware module and a cryptominer in attacks on Redis servers.
Our prod exposed Redis until I noticed. Apparently we had to reset caches after releases, and our devOPs forgot to remove access to it after creating scripts to handle that.
It happens, but it really shouldn't. At least ours was at a different subdomain (something like app-region-redis.domain.com or whatever).