An ethical hacker working for the Dutch government has raised the alarm about hackers targeting the vulnerable databases according to this BBC report
"Mr Gevers said the attacks started before Christmas but had accelerated once the holiday period was over. Hackers were using automated scanning tools scouring the net for the telltale signature of unsecured MongoDB systems."
Mr Gevers is racing to warn administrators of vulnerable systems to turn off net access to avoid falling victim.
"I am being flooded with requests for help," he said, adding that the number of systems hit by attackers had now exceeded 5,000. Victims include hospitals, small businesses and educational institutions.
Web security company High-Tech Bridge first identified this type of attack in 2015 and coined the phrase ransomweb: https://www.htbridge.com/blog/ransomweb_emerging_website_threat.html
Ilia Kolochenko, CEO of web security company High-Tech Bridge says: "We noticed the first usage of this particular branch of ransomware attacks in early 2015, and predicted that it will grow in the future.
As we can see now, our predictions were right due to a very high economic attractiveness of the attack - victims almost always pay, as it's less expensive than recovering the data. Inevitably, these types of attacks will continue growing in the near future.
There is nothing in particular companies can do to prevent these attacks, but to maintain an accurate inventory of their digital assets, keep their systems secure and up2date, as well as to implement continuous security monitoring."