The attacks on LenovoEMC/Iomega NAS devices are not the first that have targeted NAS devices in recent years.
#Lenovo iomega mhndhd software how to#
However, some NAS devices are still running, and luckily, a Lenovo support page on how to properly secure these types of devices is still available online for users seeking to secure their data. Lenovo has discontinued both the LenovoEMC and Iomega NAS lines in 2018, and the reason why we only identified around 1,000 devices still exposed online, as most NAS stations have reached their EOL long ago and have been decommissioned by many users.
Gevers told ZDNet today that attacks against LenovoEMC (Iomega at the time) NAS devices are not new and that he investigated incidents as far back as 1998. However, there is no evidence to suggest the data has been backed up anywhere, nor that any data from past victims has been leaked online anywhere over the past year.īased on current evidence, the ransom notes appear to carry empty threats, and their role seems to be to scare victims into paying a ransom demand for data hackers have already wiped. The Cl0ud SecuritY hackers claim to have copied the victim's files to their servers and threatened to leak files, usually if a ransom note is not paid within five days. Gevers said the hackers didn't rely on a complex exploit, targeted devices that were already wide open on the internet, and didn't bother encrypting the data. In a phone call today, Victor Gevers, a security researcher with the GDI Foundation, told ZDNet he's been tracking the attacks for years and that these recent intrusions appear to be the work of an unsophisticated hacker. While last year's attacks were not signed and used a different contact email, there are many similarities between the ransom note texts used in both 20 to believe the same threat actor is behind both attack waves. The recent attacks recorded over the past month appear to be a continuation of attacks that started last year, and which have also exclusively targeted LenovoEMC (formerly Iomega) NAS stations. Many of the NAS devices we found this way contained a ransom note named " RECOVER YOUR FILES !!!!.txt."Īll ransom notes were signed with the ' Cl0ud SecuritY' monicker and used the same " email address as the point of contact. ZDNet was able to identify around 1,000 such devices using a Shodan search. A hacker group going by the name of 'Cl0ud SecuritY' is breaking into old LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, wiping files, and leaving ransom notes behind asking owners to pay between $200 and $275 to get their data back.Īttacks have been happening for at least a month, according to entries on BitcoinAbuse, a web portal where users can report Bitcoin addresses abused in ransomware, extortions, cybercrime, and other online scams.Īttacks appear to have targeted only LenovoEMC/Iomega NAS devices that are exposing their management interface on the internet without a password.
0 kommentar(er)
