StorageCrypt Ransomware Targets NAS Devices via SambaCry Exploit

A new ransomware family is using the SambaCry vulnerability that was patched in May to infect network-attached storage (NAS) devices, researchers have discovered.
Dubbed StorageCrypt, the ransomware demands between 0.4 and 2 Bitcoins ($5,000 to $25,000) from its victims for decrypting the affected files.
To infect NAS devices, StorageCrypt abuses the Linux Samba vulnerability known as SambaCry and tracked as CVE-2017-7494. Affecting devices from major vendors, the bug allows remote attackers to execute arbitrary code on targeted systems by uploading a shared library to a writable share, and then causing the server to load that library.
The first attempt to abuse the vulnerability resulted in targeted systems being infected with a cryptocurrency miner. During summer, a piece of malware dubbed SHELLBIND started abusing the flaw to infect NAS devices.
StorageCrypt leverages SambaCry in the same manner as SHELLBIND did, BleepingComputer’s Lawrence Abrams reveals. The attack relies on the exploit executing a command that downloads a file called sambacry, stores it in the /tmp folder as apaceha, and then runs it.
What the security researcher couldn’t yet determine is whether the executable is only used to install the ransomware or also serves as a backdoor for future attacks.
Once StorageCrypt is up and running on the infected device, it encrypts and renames the files and appends the .locked extension to them. It also drops a ransom note containing the ransom amount, the attackers’ Bitcoin address, and email address [email protected].
The malware was also observed dropping two files on the infected NAS devices, namely Autorun.inf and 美女与野兽.exe (which reportedly translates to Beauty and the beast). The former file is meant to spread the Windows executable to the machines from which the folders on the NAS device are accessed.
To stay protected from this ransomware or other malware abusing SambaCry, users are advised to apply the latest patches to ensure their devices aren’t vulnerable, as well as to disconnect NAS devices from the Internet. Setting up a firewall and using a VPN for secure access to the NAS should also be taken into consideration.
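
The artifacts described above (the apaceha file in /tmp, files renamed with .locked, Autorun.inf and 美女与野兽.exe) can be checked for on a device with a short triage script. This is an added example, not code from the article or from the researchers it cites; the function names and the paths passed on the command line are assumptions to adapt to the device's share layout.

```shell
#!/bin/sh
# Added example (not from the article): look for the StorageCrypt artifacts
# the article names. The temp directory and share roots are supplied by the caller.

# Prefix each path read on stdin with an artifact label.
tag() {
    while IFS= read -r path; do
        printf '%s\t%s\n' "$1" "$path"
    done
}

# List artifacts under one share root as "label<TAB>path" lines.
scan_share() {
    root=$1
    # Encrypted files are renamed with the .locked extension.
    find "$root" -type f -name '*.locked' 2>/dev/null | tag locked
    # Autorun.inf is dropped to push the Windows executable to client machines
    # (Windows matches the name case-insensitively, so the search does too).
    find "$root" -type f -iname 'autorun.inf' 2>/dev/null | tag autorun
    # The Windows executable named in the article.
    find "$root" -type f -name '美女与野兽.exe' 2>/dev/null | tag dropped-exe
}

# Report the downloaded binary the exploit stores as "apaceha" (default dir: /tmp).
scan_tmp() {
    tmpdir=${1:-/tmp}
    [ -e "$tmpdir/apaceha" ] && printf 'dropper\t%s\n' "$tmpdir/apaceha"
    return 0
}

# Scan the temp dir plus every share root given.
# Prints the findings and returns 1 if anything matched, 0 otherwise.
triage() {
    tmpdir=$1; shift
    findings=$( { scan_tmp "$tmpdir"; for r in "$@"; do scan_share "$r"; done; } )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh triage.sh /tmp /path/to/share ...   (paths are placeholders)
if [ "$#" -gt 0 ]; then triage "$@"; fi
```

A clean result only means these specific names are absent; the .locked and Autorun.inf matches can also come from unrelated software, so review each hit before acting on it.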
