Home > Cyber News > Ransomware Is Targeting LenovoEMC NAS Devices

Ransomware Is Targeting LenovoEMC NAS Devices

LenovoEMC NAS devices are the latest targets of a cybercrime group known as Cl0ud SecuritY.

LenovoEMC NAS, or network-attached storage devices are currently being targeted by ransomware threat actors who wipe their files and demand a ransom of about $200 – $275 to restore the data. Data from BitcoinAbuse, a portal where Bitcoin addresses used in ransomware and cybercrime are reported, shows that this Cl0ud SecuritY campaign has been going for at least a month.

Primary targets of the attackers are LenovoEMC NAS devices that have their management interface exposed on the internet without a password. According to a Shodan search, there are approximately 1,000 such devices, ZDNet says. Some of the NAD devices that were found by the security researchers contained a ransom note dubbed RECOVER YOUR FILES!!!!.txt, signed by the Cl0ud SecuritY hackers who left the following email for contact:


This is not the first campaign targeting the same brand of NAS devices. Last year another campaign targeted LenovoEMC and although it wasn’t signed and had a different email address, researchers believe it was coined by the same group.

Attacks against LenovoEMC NAS devices carried out by unsophisticated criminals

According to security researcher Victor Gevers from the GDI Foundation, such attacks have been going on for years, with the recent intrusions most likely coming from an unsophisticated hacker group. In a conversation with ZDNet, the researcher shared that these hackers rely on a simple exploit and are targeting devices that already exposed to the internet.

Even though the Cl0ud SecuritY hackers are claiming they have copied the victim’s files to their servers and threating to leak them, researchers have discovered no evidence supporting these claims. In other words, this makes the threats made in the ransom note insufficient.

It is also important to note that Lenovo has officially discontinued LenovoEMC devices in 2018 which probably explains why the number of discovered devices is not more than a thousand.

In July 2019, an attack campaign was set against QNAP NAS devices owned by both end users and enterprise users. The malware which was used against them was the Linux-based eCh0raix ransomware. The attack also used a blacklist which would stop the infection if the victim’s device was located in Belarus, Ukraine or Russia.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree