Iomega NAS devices exposed to hackers, ransom notes left in wake

Lenovo Iomega NAS devices have become accessible to hackers, who have been deleting files on the publicly accessible devices. In their place, they have been leaving ransom notes stating that the hackers will only return the files if they are paid a ransom in SegWitCoin (BTC).

In the BleepingComputers forums, users are providing reports that their files on the Lenovo Iomega NAS devices have been deleted or hidden. Users are told that their files are safe, but had been encrypted and have been moved to a safe location.

To retrieve files, some users report that they have been told they must pay 0.03 in BTC to a specific digital address. Payments have ranged from 0.01 ($100) up to 0.05 BTC ($470). Those who do not provide the necessary ransom are told that their files will be “gone for good.”

This ransom is considered to be a relatively small amount to ask for. Many ransomware hackers have asked for as much as six figures. The speculation is that the low amounts are small enough that most will be paid. Considering that this is a small amount, it is likely much more cost-effective to choose to pay the ransom rather than paying someone to attempt to retrieve the files through a file recovery.

According to one report, one payment account has received nine payments totaling $1900 in BTC.

What has made this attack so successful is that it has been discovered that the Lenovo products had a vulnerability in them. This vulnerability arose from an unprotected API call, allowing anyone to use Shodan to find the vulnerability in the NAS devices. This allowed them to download the exposed files by following specific requests.

Lenovo has released firmware updates in response to the security breach. This should allow users to safely use the NAS devices without concern of security issues.

Some victims also report that it has been their negligence that has led to a breach. Because they had not properly secured their Iomega NAS drive, it created an opening that allowed hackers to be able to attack their system and steal their files.

While many have chosen to pay the ransom, there have been those who have been able to recover their lost files on their own. One victim explained that he was able to use a file recovery software program by attaching his NAS drive directly to his PC.