30 June 2020

Cl0ud SecuritY hackers are wiping Lenovo NAS devices, demanding ransom



A hacker group known as “Cl0ud SecuritY” is compromising discontinued LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, deleting files and leaving ransom notes behind with ransom demands varying from $200 to $275, ZDNet reports.

The attacks have been occurring since last month and appear to target only LenovoEMC/Iomega NAS devices with an exposed management interface. ZDNet said it was able to identify nearly 1,000 exposed devices using Shodan, and many of them contained a ransom note named "RECOVER YOUR FILES !!!!.txt" signed by the Cl0ud SecuritY gang. All of the ransom notes also used the “cloud@mail2pay.com” email address as a means for users to contact the attackers.

According to the security researcher Victor Gevers, who has been tracking the attacks for a long time, these recent intrusions appear to be the work of an unsophisticated attacker who does not use complex exploits and targets devices that are already exposed on the internet. Furthermore, the hackers didn’t even bother to encrypt the data.

While the Cl0ud SecuritY gang claims to have copied victims’ data to its servers and threatens to publish the data if the ransom is not paid, there is no evidence to support the hackers’ claims.

“Based on current evidence, the ransom notes appear to carry empty threats, and their role seems to be to scare victims into paying a ransom demand for data hackers have already wiped,” ZDNet wrote.
