NamPoHyu Virus' Ransomware Targets Remote Samba Servers

Mohammad.Poorya

Bardzo aktywny
Ekspert
Dołączył
19 Wrzesień 2018
Posty
3197
Reakcje/Polubienia
12939
Miasto
On a Bike!
A new ransomware family called NamPoHyu Virus or MegaLocker Virus is targeting victims a bit differently than other ransomware. Instead of an executable running on a victim's computer, the attacker is running the ransomware locally and having it remotely encrypt accessible Samba servers.

Ransomware infections are typically installed on the computer that will be encrypted, whether that be through other malware, malicious email attachments, or by the attackers hacking a computer or network.

This new ransomware is doing things differently by searching for accessible Samba servers, brute forcing the passwords, and then remotely encrypting their files and creating ransom notes.
Unfortunately, there are plenty of targets, as Shodan shows close to 100,000 accessible Samba servers.

Zaloguj lub Zarejestruj się aby zobaczyć!
 
Do góry