Harak1r1, a known hacker is attacking the non-password protected installations of MongoDB. After attacking the hacker is wiping the contents of the installations and installing a ransom note, according to a report from IT Pro.
These attacks have been going on for many weeks and the most likely targets are running on AWS. About 2,000 databases have been attacked so far. Administrators are encouraging users to upgrade to the newest version of MongoDB.