Novel MegaLocker ransomware virus targets remote Samba servers.

News by Robert Abel

Ransomware dubbed NamPoHyu virus or MegaLocker virus targets remote Samba servers, brute forcing the passwords, and then remotely encrypting their files and creating ransom notes.

Researchers have spotted a new family of ransomware dubbed NamPoHyu virus or MegaLocker virus targeting remote Samba servers.

Ransomware infections are typically installed on the computer that will be encrypted, through other malware, malicious email attachments, or by attackers hacking a computer or network.

This new variant searches for accessible Samba servers, brute-forces the passwords, and then remotely encrypts their files and creates ransom notes, a 16 April Bleeping Computer blog post said.

According to Shodan, there are nearly 500,000 accessible Samba servers for threat actors to infect.

The ransomware has been active since March 2019. It was first called MegaLocker virus and changed its name to NamPoHyu in April; while the ransom note file stayed the same, it was updated to include a link to a Tor payment site.

The malware’s ransom note instructs victims to email their assailant, sending a photo of themselves at a birthday, holiday, hobby, or other personal event to prove they are a private person, in which case they would pay a ransom of US$ 250 (£190), while companies had to pay US$ 1,000 (£770).

Researchers may have found a method to decrypt the ransomware although no information has been made publicly available as of yet.

This article was originally published on SC Media US.
