Koc
Moderator
- Joined
- Jun 28, 2020
- Messages
- 192
- Reaction score
- 5,211
- Points
- 93
Cl0ud SecuritY Group promises to return deleted data for a fee.
Cybercrime Cl0ud SecuritY hacks outdated LenovoEMC Network Storage Networks (NAS) (formerly Iomega), erases all files and requires $ 200-275 for their return. After deleting the data, the attackers leave the text file RECOVER YOUR FILES !!!!. Txt with the contact email address ([email protected]).
According to the BitcoinAbuse portal, where users can report bitcoin wallets used in ransomware and other cybercriminal operations, attacks have been ongoing for at least a month. The attacks target exclusively LenovoEMC / Iomega NAS with an Internet-connected interface without password protection.
This campaign seems to be a continuation of last year’s operation, during which attackers also attacked outdated LenovoEMC / Iomega NAS, whose support ceased in 2018. Although the attackers did not identify themselves in the first campaign and used a different contact email address, ransom notes are very similar in both cases, which may indicate the same grouping.
GDI Foundation security researcher Victor Gevers told ZDNet that attacks are the work of inexperienced hackers. Attackers use a simple exploit, attack devices already accessible via the Internet, and do not bother with file encryption.
According to cybercriminals, they copy the data stored in online storage before deleting it and intend to publish it in the public domain if the ransom is not paid within five days. However, there is no evidence that the ransomware actually backs up the deleted files, nor does the fact that the data is published in case of non-payment.
Cybercrime Cl0ud SecuritY hacks outdated LenovoEMC Network Storage Networks (NAS) (formerly Iomega), erases all files and requires $ 200-275 for their return. After deleting the data, the attackers leave the text file RECOVER YOUR FILES !!!!. Txt with the contact email address ([email protected]).
According to the BitcoinAbuse portal, where users can report bitcoin wallets used in ransomware and other cybercriminal operations, attacks have been ongoing for at least a month. The attacks target exclusively LenovoEMC / Iomega NAS with an Internet-connected interface without password protection.
This campaign seems to be a continuation of last year’s operation, during which attackers also attacked outdated LenovoEMC / Iomega NAS, whose support ceased in 2018. Although the attackers did not identify themselves in the first campaign and used a different contact email address, ransom notes are very similar in both cases, which may indicate the same grouping.
GDI Foundation security researcher Victor Gevers told ZDNet that attacks are the work of inexperienced hackers. Attackers use a simple exploit, attack devices already accessible via the Internet, and do not bother with file encryption.
According to cybercriminals, they copy the data stored in online storage before deleting it and intend to publish it in the public domain if the ransom is not paid within five days. However, there is no evidence that the ransomware actually backs up the deleted files, nor does the fact that the data is published in case of non-payment.