A five-year study by the Ransomnews Research Team identified that 30,515 out of 65,907 exposed databases were compromised through ransom demands, causing considerable data loss despite few victims paying. Exposed databases, particularly MongoDB and MySQL, showed high ransom rates, with 99% of those investigated carrying ransom notes. The research noted that attackers rarely received payments, highlighting a low return on their efforts.
Despite the number of ransom-marked databases increasing dramatically from 2021 to 2026, the overall extortion operation appeared limited, involving a few groups using common templates and disposable emails. Recommendations include securing databases to prevent exposure, as the risk of compromise is almost certain once a database is exposed.