Do you have a firewall up, making sure all incoming connections except ssh is denied?

Make sure you have firewall up and running. The most common options are ufw or DigitalOcean Cloud Firewalls.
Choose one – Both provide the same functionality, ufw works as a software firewall on your Droplet while Cloud Firewall is sort of “hardware” firewall.

Never expose database (in your case MonogoDB) directly. If you need to access data from the Internet, it’s recommended to create an API.

Beside Firewall, use SSH keys instead of password for SSH logins. Step Four and Five of the Initial Set Up tutorial cover this.
You can also set up fail2ban to additionally protect your server against brute-force attack.

Check out the 7 Security Measures to Protect Your Servers article. It has good recommendations on how to additionally secure your Droplet.

I guess there’s no way to recover your data beside paying for it, but it’s still not guaranteed that you will receive your data back.