Defending against database ransomware attacks
ID: 8f2eda66-baf4-5478-b483-55a0a2410574
STIX ID: report--8f2eda66-baf4-5478-b483-55a0a2410574
Feed Name: Wiz Blog
This report details the rise of "malware-less" database ransomware campaigns in which automated bots scan the Internet for exposed or misconfigured database instances, authenticate via weak/default credentials, copy or delete data using native DB commands, and leave ransom notes or threaten data leaks. It describes commonly targeted systems (MongoDB, PostgreSQL, MySQL, Redis), typical attack flow and indicators (newly created README/RECOVER tables or collections), and recommends network segregation, strong authentication, backups, continuous scanning for exposures and IOCs, and detection controls.
