Lenovo Iomega NAS Devices Targeted by Hackers Demanding Ransom

Users have reported attacks on Lenovo Iomega network-attached storage (NAS) devices, where unknown hackers delete files from the devices and leave ransom notes demanding payment in Bitcoin to recover the files.

How the Attacks Work

The ransom notes claim that the user’s files have been encrypted and moved to a secure location. The messages vary, but typically demand between 0.01 and 0.05 Bitcoin (approximately $95 to $477) to be sent to a specified address. The notes threaten that if the ransom is not paid, the files will be lost forever or sold on the dark web.

However, according to BleepingComputer, the files are actually deleted rather than encrypted or stored elsewhere. In some cases, victims have been able to recover their files by connecting the NAS device to a PC via USB.

How Are Hackers Gaining Access?

It is still unclear how the attackers are accessing the victims’ devices. A search on Shodan reveals many Iomega NAS devices directly connected to the internet. Unprotected Iomega devices have publicly accessible interfaces, allowing remote access to files over the internet, including the ability to delete or download folders from the NAS.

Other Recent Ransomware Attacks on NAS Devices

Lenovo Iomega NAS devices are not the only ones targeted by ransomware recently. The eCh0raix ransomware has also attacked QNAP NAS devices, demanding 0.06 Bitcoin (about $587) for file recovery.

Sources and Further Reading

• BleepingComputer