In a phone call today, Victor Gevers, a security researcher with the GDI Foundation, told ZDNet he's been tracking the attacks for years and that these recent intrusions appear to be the work of an unsophisticated hacker.
While last year's attacks were not signed and used a different contact email, there are enough similarities between the ransom note texts used in both years to believe the same threat actor is behind both attack waves. The recent attacks recorded over the past month appear to be a continuation of attacks that started last year, and which have also exclusively targeted LenovoEMC (formerly Iomega) NAS stations.

Many of the NAS devices we found this way contained a ransom note named "RECOVER YOUR FILES !!!!.txt."

All ransom notes were signed with the 'Cl0ud SecuritY' moniker and used the same email address as the point of contact. ZDNet was able to identify around 1,000 such devices using a Shodan search. A hacker group going by the name of 'Cl0ud SecuritY' is breaking into old LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, wiping files, and leaving ransom notes behind asking owners to pay between $200 and $275 to get their data back.

Attacks have been happening for at least a month, according to entries on BitcoinAbuse, a web portal where users can report Bitcoin addresses abused in ransomware, extortions, cybercrime, and other online scams.

Attacks appear to have targeted only LenovoEMC/Iomega NAS devices that are exposing their management interface on the internet without a password.
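For owners who want to check a mounted NAS share for the indicators named above, the following triage script is an added example and not part of the original article. It matches the ransom note file name and the 'Cl0ud SecuritY' signature reported here; the function names, the sample folder tree, and the "folder holds only the note" heuristic for a wiped directory are assumptions made for illustration.

```python
import os
import re
import tempfile

# Indicators taken from the article: the ransom note file name and the
# moniker the notes were signed with.
NOTE_NAME = "RECOVER YOUR FILES !!!!.txt"
MONIKER = "Cl0ud SecuritY"

def _norm(name):
    """Lower-case and drop whitespace so spacing variants still match."""
    return re.sub(r"\s+", "", name).lower()

def find_ransom_notes(root):
    """Walk a mounted share and return one finding per ransom note found."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for fname in filenames:
            if _norm(fname) != _norm(NOTE_NAME):
                continue
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read(65536)  # notes are small; cap the read
            except OSError:
                text = ""  # an unreadable note still counts as a name match
            findings.append({
                "path": path,
                "signed": MONIKER.lower() in text.lower(),
                # Assumption: a wiped folder holds nothing but the note.
                "only_note_left": len(filenames) == 1 and not dirnames,
            })
    return findings

def build_constructed_share(base):
    """Constructed sample tree: one wiped folder, one untouched folder."""
    os.makedirs(os.path.join(base, "Documents"))
    os.makedirs(os.path.join(base, "Photos"))
    with open(os.path.join(base, "Documents", NOTE_NAME), "w") as fh:
        fh.write("constructed sample note, signed Cl0ud SecuritY\n")
    with open(os.path.join(base, "Photos", "holiday.jpg"), "wb") as fh:
        fh.write(b"constructed")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_ransom_notes(build_constructed_share(tmp)):
            print(hit)
```

Point `find_ransom_notes` at the mount point of the share; a hit with `only_note_left` set means restoring from backup should be the first step, and the device's management interface should be taken off the internet or given a password before it is reconnected.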