A new ransomware family called ‘NamPoHyu Virus’ or ‘MegaLocker Virus’ is targeting victims a bit differently than other ransomware. Instead of an executable running on a victim’s computer, the attacker is running the ransomware locally and having it remotely encrypt over half a million accessible Samba servers.
Roy Rashti, Cybersecurity Expert at BitDam:
“The reason that the attackers are using this technique is that it’s easier and safer. They do not need to work hard to reach end-user computers, nor try to evade the detection of security solutions. Instead, they’re simply brute forcing passwords to gain access to the data, which nobody is likely to detect and prevent.
The first thing users can do to protect themselves is, of course, use a strong password. Brute forcing passwords is a path most traveled by attackers and a unique, personal password must be in place. In addition, the access to the servers should be restricted by a VPN, so no scanners are able to detect that this server exists in the first place, nor can it be registered on platforms like Shodan.
The cleverness and creativity of the attackers means they keep finding new ways to affect users’ data and servers. Users must always be prepared for the worst: implement every security solutions that might help to protect them, keep backups of their data and always be on guard.”