- Joined
- May 15, 2016
- Messages
- 14,528
- Likes
- 2,645
- Points
- 1,730
The victim is required to transfer from 0.01 to 0.05 bitcoin to the specified address, otherwise the files will be lost forever or will be sold on darknet.
Netizens reported attacks on Lenovo Iomega network drives, during which attackers deleted files from the device and left notes requesting them to buy files for Bitcoins.
In the ransom notice, it was reported that the user's files were encrypted and moved to a safe place. The amounts and text of the messages inside the notes differ. Most often, the user is required to transfer from 0.01 to 0.05 bitcoin (approximately from $ 95 to $ 477) to the specified address, otherwise the files will be lost forever or will be sold on darknet. However, according to the BleepingComputer resource, files are actually deleted, not encrypted and stored in a safe place.
Some victims were able to successfully recover files after connecting a network drive to a PC via the USB port.
It remains unknown how attackers gain access to the victim’s devices, but a search in Shodan reveals the numerous Iomega network drives connected directly to the Internet. Unprotected Iomega devices have publicly accessible interfaces that allow you to remotely access files via the Internet, deleting or downloading folders from network drives.
Recently, Iomega network drives have proven to be not the only devices subjected to ransomware attacks. Recently it became known about the extortionate software eCh0raix, which attacked QNAP network drives, demanding to restore 0.06 bitcoin files (approximately $ 587).
Source: https://www.securitylab.ru/news/500221.php