Hackers Asking for Ransom after Wiping Lenovo NAS Devices

A hacker group going by the name 'Cl0ud SecuritY' is breaking into LenovoEMC network-attached storage devices. They are wiping files and leaving ransom notes for the owners, asking for $200 to $275 to access the data.

The attacks have been happening for no less than a month, according to entries reported on BitcoinAbuse. The website allows users to report the abuse of bitcoin in ransomware and other cybercrimes. The attacks were aimed specifically at LenovoEMC/Iomega NAS devices with exposed management interfaces unprotected by a password.

Many NAS devices were found to contain a ransom note called 'RECOVER YOUR FILES !!!!.txt'. All the ransom notes were signed with the name 'Cl0ud SecuritY' and gave the email 'cloud@mail2pay[.]com' as a contact. The attacks recorded over the month of activity seemed to be connected to attacks that started in 2019, which were also aimed at LenovoEMC NAS stations. Although those attacks weren't signed and used a different contact email, there were similarities between the ransom note texts in 2019 and 2020, making researchers believe the same threat actor was involved in both cases.

No Evidence of Victim Data Being Preserved

The hackers claimed to have copied the victims' files to their servers and threatened to leak the files if the ransom wasn't paid within five days. There is no evidence that the data was backed up anywhere or that any data of past victims was leaked online last year. Based on the evidence found by security researchers, the notes were empty threats, intended to spook victims into paying the ransom demand for data the attackers had already wiped.

Lenovo discontinued the LenovoEMC and Iomega NAS lines in 2018. Only a small number of devices are still exposed online, because many users around the world have decommissioned their NAS stations. Some NAS devices are still running, and Lenovo offers support on securing these devices for anyone looking to secure their vulnerable data.

The attacks on the LenovoEMC/Iomega NAS devices were not the first to target NAS devices in the past few years. NAS devices are typically targeted with DDoS malware, but many ransomware gangs also aim at them. The recent attacks are extortion attempts rather than ransomware attacks, because no encryption is involved and data wiping is the primary mechanism.