Dear Readers,
I am writing this email to apprise my readers of the ransomware called “NextCry”, which has fooled most firewalls and antivirus solutions. It has not yet affected Indian networks, which makes this email relevant for a proactive approach.
It is targeting Linux-based NAS devices and file servers. It also affects any cloud backup solutions bundled with such NAS devices and file servers. It uses the very strong AES-256 algorithm, which is difficult to reverse, and mostly charges 200 USD in the form of bitcoins to provide the decryption key.
It targets the cloud-based NextCloud admin console in the browser, modifies its config.php, and completes the destruction. This is especially disastrous because NAS or Linux servers are not actively attended; they serve as file servers without interactive usage. Currently NextCloud is offering a USD 10000 bounty for reporting the vulnerability. It is sometimes an effective tactic to have gray hat hackers on its side. The details are freely available on the Internet.
Now, coming to the point: until you are sure about your security, take the following precautions.
A. Scan the NAS or file server thoroughly.
B. If you are using cloud backup of the NAS or file server, stop the backup temporarily and immediately take advice from your cloud infrastructure provider.
C. Do not access files using admin-level users over the network or through VPN.
D. Take a backup on independent hardware and keep it physically disconnected from your network infrastructure.
I herewith confirm that BLACKbox is not affected by this event. It is also confirmed that its Vault and Workspace technology is not penetrable by this event, provided all precautions are taken by the BLACKbox admin, such as never accessing it through admin privileges and never accessing BLACKbox through admin privileges over a browser. BLACKbox has power profiles for recycle.bin, vault.moderator, backup.restore, and access.controller, which are found to be robust, leading to this event being harmless.
If you are a member of the BLACKbox Knowledge Center and you are using a third-party NAS / file server, you may use your login access to get our assistance with any problems.
I hope this email proves useful and proactive in minimizing the risk.
Best Regards,
Vishal Shah
Founder and CEO,
Synersoft Technologies Pvt Ltd