30 June 2020

Cl0ud SecuritY hackers are wiping Lenovo NAS devices, demanding ransom



A hacker group known as “Cl0ud SecuritY” is compromising discontinued LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, deleting files and leaving ransom notes behind with ransom demands varying from $200 to $275, ZDNet reports.

The attacks have been occurring since last month and appear to target only LenovoEMC/Iomega NAS devices with an exposed management interface. ZDNet said it was able to identify nearly 1,000 exposed devices using Shodan, and many of them contained a ransom note named "RECOVER YOUR FILES !!!!.txt" signed by the Cl0ud SecuritY gang. All of the ransom notes also used the “cloud@mail2pay.com” email address as a means for users to contact the attackers.

According to the security researcher Victor Gevers, who has been tracking the attacks for a long time, these recent intrusions appear to be the work of an unsophisticated attacker that does not use complex exploits and targets devices that are already exposed on the internet. Furthermore, the hackers didn’t even bother to encrypt the data.

While the Cl0ud SecuritY gang claims to have copied victims’ data to their servers and threatens to publish the data if the ransom is not paid, there is no evidence to support the hackers’ claims.

“Based on current evidence, the ransom notes appear to carry empty threats, and their role seems to be to scare victims into paying a ransom demand for data hackers have already wiped,” ZDNet wrote.
