Exposed MongoDB instances still targeted in data extortion attacks

A threat actor continues to target exposed MongoDB instances in automated data extortion attacks, demanding low ransoms from owners to restore the data. The attacker focuses on insecure databases due to misconfigurations that permit unrestricted access. Around 1,400 servers have been compromised, with ransom notes demanding approximately $500 in Bitcoin. Researchers at Flare found over 208,500 publicly exposed MongoDB servers, with 3,100 accessible without authentication. The researchers suggest that MongoDB administrators avoid exposing instances to the public unless necessary, use strong authentication, and update to the latest version.