A hacker group known as “Cl0ud SecuritY” is compromising discontinued LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, deleting files and leaving ransom notes behind with ransom demands varying from $200 to $275, ZDNet reports.
The attacks have been occurring since last month and appear to target only LenovoEMC/Iomega NAS devices with exposed management interface. ZDNet said it was able to identify nearly 1,000 exposed devices using Shodan, and many of them contained a ransom note named "RECOVER YOUR FILES !!!!.txt" signed by the Cl0ud SecuritY gang. All of the ransom notes also used the “firstname.lastname@example.org” email address as a means for users to contact he attackers.
According to the security researcher Victor Gevers, who has been tracking the attacks for a long time, these resent intrusions appear to be the work of an unsophisticated attacker that does not use complex exploits and targets devices, which are already exposed on the internet. Furthermore, the hackers didn’t even bother to encrypt the data.
While the Cl0ud SecuritY gang claims to have copied victims’ data on their servers and threatens to publish the data if the ransom is not paid, there is no evidence to support the hackers’ claims.
“Based on current evidence, the ransom notes appear to carry empty threats, and their role seems to be to scare victims into paying a ransom demand for data hackers have already wiped,” ZDNet wrote.