In common with most ransomware attacks, hackers are demanding payment in Bitcoin. The attacks were brought to the public's attention by ethical hacker and security researcher Victor Gevers. Gevers said the attacks started before Christmas, but have significantly increased in volume in the past few weeks.
Hackers use automated scanning tools to search the web for signs of insecure or improperly configured MongoDB systems, he said.
Rob Sobers, director at Varonis, said the incident underlined the risk to businesses if they don't ensure all systems in use remain patched and up-to-date: "Organisations that run web-facing systems are in for a world of hurt if they aren't maniacal about patch management. Ransomware allows attackers to indiscriminately scan for vulnerable systems and encrypt data en masse, yielding a small fortune in bitcoins," he said.
"MongoDB is not unique—OpenSSL, Apache, MySQL, Linux, etc. have all had their fair share of security. We've seen hackers exploit WordPress vulnerabilities that were patched more than 10 years ago. The problem of overexposed data goes behind the public Internet, too. We see the same exact problem behind the corporate firewall.
"It's not uncommon to find hundreds of thousands of sensitive folders with highly sensitive data exposed to every user on the network within the first few minutes of a risk assessment."
Ilia Kolochenko, CEO of web security company High-Tech Bridge, added that the firm has been aware of this growing threat and that it is clearly now expanding in scope.
"As we can see now, our predictions were right due to a very high economic attractiveness of the attack - victims almost always pay, as it's less expensive than recovering the data. Inevitably, these types of attacks will continue growing in the near future," he said.
"There is nothing in particular companies can do to prevent these attacks, but to maintain an accurate inventory of their digital assets, keep their systems secure and up to date, as well as to implement continuous security monitoring."
At the end of June 2016 MongoDB unveiled its cloud-based NoSQL database-as-a-service offering.