A new wave of ransomware attacks targeting misconfigured and unmaintained instances of MongoDB has been reported, with a single threat identity claiming most of the newly targeted deployments. To address this issue, MongoDB has made several changes to its default configuration settings, including making localhost binding the default for networked connections in release 3.5.7 and incorporating it into the upcoming production-ready 3.6 release. The company has also added warnings to its download center to inform users of the risks associated with non-packaged distributions. Additionally, MongoDB Atlas provides secure infrastructure by default, ensuring that users' instances are configured for security best practices. To aid in safe deployment, MongoDB offers freely available guides and resources, including a Security Checklist, daily security tests, and online courses through MongoDB University.