Security Researcher Bob Diachenko
While it's not clear who owns the database, the problematic MongoDB instance is running in an Amazon AWS environment. The database was discovered on May 1 (it was indexed in Shodan on April 23). It is noteworthy that already on May 8, unknown attackers encrypted the available data and began to demand a ransom from the owner for decryption.
Source: opennet.ru