A new ransomware named StorageCrypt is on the prowl and is said to be infecting Networked Attached Storage (NAS) devices such as the Western Digital My Cloud. Victims have been reporting that the files stored on their NAS devices have been encrypted and a ransom note demands anything between 0.4 to 2 BTC to reverse the encryption.
Technically, many SMBs such as photo and animation studios use NAS devices as they allow scalability of storage space, can be easily collaborated with applications and can be used as a private cloud. In most cases, data backups are usually stored on such devices for redundancy and data protection- all a part of disaster recovery o business continuity plan.
Now, according to Bleeping Computer, a SambaCry Vulnerability is allowing hackers to infected NAS devices with StorageCrypt Ransomware.
SambaCry is a Linux Vulnerability that when exposed offers attackers an access to open command shell that can be used to download files and execute commands on the affected devices.
And as soon as a file gets encrypted on a NAS, it will be renamed so that the .locked extension is appended to the filename. The encrypting malware will also pop-out a ransom note named _READ_ME_FOR_DECRYPT.txt that contains the ransom amount, the Bitcoin address to send payment to and the email ID to correspond.
Currently, JeanRenoAParis@protonmail dot com is being used to contact after payment.
Note- Developers of StorageCrypt Ransomware are also offering a guiding note along with the ransom note to help victims who are unaware of Bitcoins or Crypto Currency also known as digital currency.
