Sergiu Gatlan reports:
Over 12,000 unsecured MongoDB databases have been deleted over the past three weeks, with only a message left behind asking the owners of the databases to contact the cyber-extortionists to have the data restored.
Although not on this scale, these types of attacks targeting publicly accessible MongoDB databases have happened since at least early-2017 [1, 2, 3, 4]. Attackers looking for exposed database servers using BinaryEdge or Shodan search engines delete them and demand a ransom for their ‘restoration services’.
Read more on Bleeping Computer.