This hacker group is attacking Lenovo NAS devices and asking for a ransom

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

According to cybersecurity specialists, a group of hackers self-appointed as “Cl0ud SecuritY” is accessing old LenovoEMC (formerly Iomega) network connected storage (NAS) devices, aiming to delete files and leave ransom notes asking admins to pay them between $200 USD and $275 USD to recover access to their data.

The attacks have been reported for a couple of weeks, assures BitcoinAbuse, a platform where users can report compromised Bitcoin addresses being used for ransomware attacks, phishing campaigns and other fraud variants. The attacks seem to be targeting only at LenovoEMC and Iomega NAS implementations, which are exposing their management interface on the Internet without a password.

Lots of the NAS devices found with Shodan Internet scans contained a ransom note saying “RECOVER YOUR FILES!!!!.TXT”. All ransom notes related to this campaign are signed by Cl0ud SecuritY and include the same email address that was used as the contact form ([email protected]).

Attacks recorded over the last weeks appear to be a second stage of the attacks that started during 2019 and have also been targeted exclusively at LenovoEMC NAS stations. Although last year’s attacks were unsigned and no email address was used to contact the hackers, there are lots of similarities between the ransom notes used in both campaigns, so cybersecurity specialists consider the same hacker is behind the two attacks.

According to researcher Victor Gevers, he and his team have been tracking such attacks for years, so they think the recent intrusions are a sample of how sophisticated this malicious actor has become. Gevers added that attackers did not trust a complex feat, as they are targeted devices that were already open on the Internet and did not bother to encrypt the data.

Cl0ud SecuritY hackers claim to have copied the victim’s files to their servers and threatened to leak the files, usually in case the ransom is not paid within five days. However, there is no evidence that the data has been backed up anywhere, nor is there data from previous victims who have made the payment. Gevers also said that attacks on LenovoEMC NAS devices are not new and investigated the incidents since 1998.
The post This hacker group is attacking Lenovo NAS devices and asking for a ransom appeared first on Cyber Security News | Exploit One | Hacking News.

X ITM Cloud News

Ana

Leave a Reply

Next Post

Global and Component Style Settings with CSS Variables

Wed Jul 1 , 2020
Spread the love          The title of this Sara Soueidan article speaks to me. I’m a big fan of the idea that some CSS is best applied globally, and some CSS is best applied scoped to a component. I’m less interested in how that is done and more interested in just seeing […]
X- ITM

Cloud Computing – Consultancy – Development – Hosting – APIs – Legacy Systems

X-ITM Technology helps our customers across the entire enterprise technology stack with differentiated industry solutions. We modernize IT, optimize data architectures, and make everything secure, scalable and orchestrated across public, private and hybrid clouds.

This image has an empty alt attribute; its file name is x-itmdc.jpg

The enterprise technology stack includes ITO; Cloud and Security Services; Applications and Industry IP; Data, Analytics and Engineering Services; and Advisory.

Watch an animation of  X-ITM‘s Enterprise Technology Stack

We combine years of experience running mission-critical systems with the latest digital innovations to deliver better business outcomes and new levels of performance, competitiveness and experiences for our customers and their stakeholders.

X-ITM invests in three key drivers of growth: People, Customers and Operational Execution.

The company’s global scale, talent and innovation platforms serve 6,000 private and public-sector clients in 70 countries.

X-ITM’s extensive partner network helps drive collaboration and leverage technology independence. The company has established more than 200 industry-leading global Partner Network relationships, including 15 strategic partners: Amazon Web Services, AT&T, Dell Technologies, Google Cloud, HCL, HP, HPE, IBM, Micro Focus, Microsoft, Oracle, PwC, SAP, ServiceNow and VMware

.

X ITM