Security News > 2020 > July > MongoDB ransom threats step up from blackmail to full-on wiping
Presumably, the fact that the blackmail message was uploaded to your database - proving that the crooks had write access - is meant to convince you that the crooks definitely also had read access and therefore did indeed steal all your data.
One thing missing from the blackmail message above is the sort of pressure you'd expect in a ransomware attack, namely that you're paying to get your data back because the crooks have wiped or scrambled it.
The ransomware crooks have taken to stealing your data first anyway, and only then scrambling it in place, so they can put double pressure on you to pay up.
Now, the crooks warn you that even if you do have a backup of your own, they'll expose your data anyway and what could have been just an internal ransomware incident will turn into a full-on external data breach incident.
Some cloud services are so easy to set up that your organisation may have online data held by servers you didn't even know about, using cloud accounts set up on someone's personal credit card "As a test".