A hacker gang is wiping Lenovo NAS devices and asking for ransoms

[cryptomaniac_xxx]

Anyone here using the old Lenovo NAS? if yes then you could be a potential victims. The ransom is 0.03BTC.

A hacker gang is wiping Lenovo NAS devices and asking for ransoms

A hacker group going by the name of 'Cl0ud SecuritY' is breaking into old LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, wiping files, and leaving ransom notes behind asking owners to pay between $200 and $275 to get their data back.

Attacks have been happening for at least a month, according to entries on BitcoinAbuse, a web portal where users can report Bitcoin addresses abused in ransomware, extortions, cybercrime, and other online scams.

Attacks appear to have targeted only LenovoEMC/Iomega NAS devices that are exposing their management interface on the internet without a password.

https://www.zdnet.com/article/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms/


Sample ransom note:

Hackers email account:

Code:

cloud@mail2pay.com

Hackers bitcoin address:

Code:

1DN8Zhiz7maYKvWTa3a8t4CMj4xSJuQtKQ

[ABCbits]

The NAS is already discounted and stopped receiving support 2 years ago, so it's not surprising it happened. Same things happened with users and company who insist using Windows XP.

But in this case, the data still could be recovered easily as long as the hacker doesn't use secure way to delete victim's data.