Netizens reported attacks on Lenovo Iomega NAS, in which attackers deleted files from the device and left notes demanding that the files be ransomed for bitcoins.
The ransom notifications reported that the user's files were encrypted and moved to a safe location. The amounts and text of messages inside the notes are different. Most often, the user is required to transfer from 0.01 to 0.05 bitcoin (approximately $ 95 to $ 477) to the specified address, otherwise the files will disappear forever or be sold on the darknet. However, according to BleepingComputer, the files are actually deleted, not encrypted and stored in a safe place.
Some victims were able to successfully recover files after connecting the NAS to a PC via the USB port.
How attackers gain access to the victim's devices remains unknown, but a Shodan search reveals numerous Iomega NAS devices connected directly to the Internet. Unsecured Iomega devices have public interfaces that allow you to remotely access files over the Internet by deleting or loading folders from network storage devices.
Recently, Iomega NAS devices have not been the only ones to be attacked by ransomware. Recently it became known about the ransomware eCh0raix, which attacked QNAP NAS, demanding 0.06 bitcoin (approximately $ 587) for file recovery.
