Friday, January 22, 08:16
Home security Hackers delete files from LenovoEMC NAS devices and request a ransom

Hackers delete files from LenovoEMC NAS devices and request a ransom


A hacking team, by name Cl0ud SecuritY, invades old LenovoEMC (formerly Iomega), NAS Appliances, steals them archives and leaves a note asking for it victims to pay between $ 200 and $ 275 to receive them data behind them.

According to entries in BitcoinAbuse, these attacks have been going on for about a month. BitcoinAbuse is a portal where users report addresses Bitcoin used in attacks ransomware, blackmail and other crimes and frauds.

The attacks seem to be target only LenovoEMC / Iomega NAS Appliances who have been exposed to the internet management interface, without a code access.

Unfortunately, there are many such devices exposed on the internet. Many of them actually contained a note called “RECOVER THE FILES !!!!. Txt. ”, He asked ransom.

All notes were signed "Cl0ud SecuritY" and used the same contact email "".

The recent attacks appear to be a continuation of the attacks that began last year and also targeted LenovoEMC NAS. Appliances. In last year's attacks, the hackers they used different e-mail communication and did not say what they were called. However, there are many similarities between the texts in the notes on the ransom, which makes researchers believe that it is the same hacking club.

Ο Victor Gevers, security researcher at GDI Foundation, said he has been monitoring the attacks for years and that these recent attacks appear to be the work of one "Undeveloped" group. Gevers said the hackers are not based on a complex exploit, but are targeting devices that are already exposed to the Internet.

The hackers of "Cl0ud SecuritY" claim that they have copied the victims' files and threaten to leak them if the ransom is not paid within five days.

However, there is no evidence to suggest that hackers they do have the data, nor do they appear to have leaked data previous victims.

Based on current data, hackers' notes rather they are simply trying to scare the victims to pay the ransom, while the hackers have already erased their data users.

Gevers said the attacks on LenovoEMC NAS devices were not new. Similar incidents have been reported since 1998.

Lenovo discontinued the LenovoEMC and Iomega NAS series in 2018, however, some devices are still in operation. There is one Lenovo support page on how users can secure these devices and protect their data.

In recent years, NAS devices have been targeted by DDoS malware, but also from ransomware gangs such as Muhstik, QSnatch and eCh0raix. The current attacks on LenovoEMC NAS Appliances is attempts at blackmail and not attacks ransomware, as well as hackers they have not encrypted files, but most likely deleted them.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


Mac: How to see which model you have and when it was released

When you need support for your Mac - or want to install some kind of upgrade - you usually need to know the exact ...

Bill Gates: Will he work with Biden on COVID-19 / climate change?

Microsoft co-founder Bill Gates said on Twitter that he is looking forward to working with the new US President, Joe Biden, and ...

What are the rumors circulating about the iPhone 13?

Apple iPhone 13 will have a redesigned Face ID system that will have a smaller notch at the top of the screen, ...

Biden: How was the political transition in the US captured on social media?

As Joe Biden was sworn in as President of the United States, this important political transition was captured on popular social media. On January 20, ...

CentOS ceases to be supported but RHEL is offered for free

Last month, Red Hat caused a great deal of concern in the Linux world when it announced the discontinuation of CentOS Linux.

Microsoft Office 365 employee passwords leaked online!

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and ...

COSMOTE and Microsoft provide new cloud solutions for businesses

COSMOTE and Microsoft expand their cooperation, offering even more advanced and high quality cloud solutions, in large and small ...

Cyber ​​attacks in Eastern Europe are on the rise!

The cyber-attacks that have taken place in many US government agencies and companies in recent months have caused concern in the developing countries of ...

Tesla reduces the prices of the Model 3 in Europe

Tesla has reduced the prices of the Model 3 in many European markets, which reductions could be partly linked ...

iOS, Android, XBox users in the crosshairs of a new malvertising campaign

Recently a new malvertising campaign was discovered that targets users of mobile and other connected devices and uses effective ...