Old Lenovo NAS devices are currently being targeted by a group of hackers calling itself "Cl0ud SecuritY," a name security researchers attribute to the group based on the ransom notes it leaves behind. According to ZDNet's latest report, the hacker group has broken into the network-attached storage (NAS) of old LenovoEMC devices (formerly sold under the Iomega brand), wiped the data, and left ransom notes asking owners to pay between $200 and $275 to get their data back.
According to entries on BitcoinAbuse, the attacks have been happening for at least a month. BitcoinAbuse is a web portal where users can report Bitcoin addresses abused in extortion, ransomware, cybercrime, and other online malicious acts. Only LenovoEMC and Iomega NAS devices have been targeted, because these devices expose their management interface on the internet without any protection, which leaves them open to compromise.
The report stated that around 1,000 LenovoEMC devices were found exposed using a Shodan search. A ransom note named "RECOVER YOUR FILES !!!!.txt" was identified on many of the NAS devices. The same "email@example.com" email address was used as the point of contact in all ransom notes, which were signed with the "Cl0ud SecuritY" moniker.
The report also stated that an earlier wave of attacks, published by BleepingComputer, likewise targeted LenovoEMC NAS devices exclusively; the attacks recorded over the past month appear to be a continuation of those earlier attacks.
Here are the important things you need to know:
According to ZDNet, the same hackers may be behind both the recent attacks and the earlier ones, since the ransom note texts used in 2019 and 2020 share many similarities, although last year's notes were not signed and used a different contact email.
Security researcher Victor Gevers of the GDI Foundation said the attacks had been tracked for years and that the recent ransom campaign appears to be the work of a sophisticated cyber attacker. Gevers also added that the group targeted old Lenovo devices that were already wide open on the internet, so the hackers did not need to rely on a complex exploit to gain access to the data.
If the ransom is not paid within five days, Cl0ud SecuritY threatens to leak the files it claims to have copied to its own servers. However, the report said there is no evidence yet that any data from past victims has been leaked online, nor that any of it was copied anywhere over the past year. The report also suggested that the aim of the attack is to lure victims into paying a ransom for data the hackers have already wiped, since, based on current evidence, the threats in the ransom notes appear to be empty.