An attack called Mongo Lock is targeting remotely accessible and unprotected MongoDB databases, wiping them, and then demanding a ransom in order to get the contents back. These attacks are able to occur because the MongoDB database is not properly secured. These hijacks work by attackers scanning the Internet or using services such as Shodan.io to search for MongoDB servers. Once connected, the attackers may export the databases, delete them, then create a ransom note explaining how to get them back. The ransom note for the Mongo Lock attack reads: “If you want to decrypt your database
Source: security