Lenovo NAS devices face hacker ransom scheme

A hacker group that goes by ‘Cl0ud SecuritY’ is targeting Lenovo network-attached storage (NAS) devices, wiping them, and then demanding a ransom.

The group is targeting old LenovoEMC NAS devices. LenovoEMC was formerly known as Iomega.

Ransom notes left on the devices ask owners to pay between $200 and $275 to have their data returned.

Only LenovoEMC/Iomega NAS devices that are exposing their management interface on the internet without a password are being targeted.

ZDNet identified around 1,000 such unsecured devices currently vulnerable to this threat.

The ransom note placed on the devices is a text file named “RECOVER YOUR FILES !!!!.txt”.

These notes are signed as ‘Cl0ud SecuritY’ and instruct the user to email [email protected] in order to pay the ransom.

While the Cl0ud SecuritY hackers claim they have copied the victim's files onto their own server, there is no evidence that they have done more than wipe the data from the NAS devices they attack.

These extortion attempts are avoidable by properly securing these devices. Information on how to do so is available on the Lenovo support page found here: https://support.lenovo.com/us/en/solutions/LEN_11575

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648