NamPoHyu aka MegaLocker Virus Ransomware Found Remotely Encrypting Samba Servers

April 18, 2019

A ransomware family was recently spotted targeting vulnerable Samba servers: NamPoHyu Virus aka MegaLocker Virus. NamPoHyu Virus is unlike typical ransomware families that are delivered locally and launched as executables. Instead, it searches for publicly accessible Samba servers, brute-forces them, and runs the ransomware locally to encrypt the exposed servers.

Samba is an open-source implementation of the Server Message Block (SMB) networking protocol used for providing services such as file and print sharing. It is run on most systems with Unix or Unix-like operating systems, and enables these systems to communicate with Windows-based clients.

Given how Samba provides interoperability between different platforms, NamPoHyu Virus’ adverse impact could be pervasive. According to a report by BleepingComputer, search results in Shodan, a search engine for internet-connected devices, show that there are over 500,000 unauthenticated and publicly accessible Samba servers.
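To check whether a server falls into that exposed category, the following added example (not part of the original article) audits an `smb.conf` for shares that allow guest access or accept connections from any address. The sample configuration and the finding labels are constructed for illustration.

```python
# Added example: flag smb.conf settings that expose shares without authentication.
TRUE = {"yes", "true", "on", "1"}
SYNONYMS = {"public": "guestok", "writeable": "writable",
            "writeok": "writable", "allowhosts": "hostsallow"}
SAMPLE_SMB_CONF = """
# constructed sample, not taken from a real host
[global]
map to guest = Bad User
[backup]
public = yes
writable = yes
[finance]
valid users = @finance
read only = no
hosts allow = 10.0.0.0/8
"""

def parse(conf_text):
    """Return {section: {param: value}}; Samba ignores case and spaces in names."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.replace(" ", "").lower()
            if key == "readonly":  # inverted synonym of "writable"
                key, value = "writable", "no" if value.lower() in TRUE else "yes"
            current[SYNONYMS.get(key, key)] = value
    return sections

def audit(conf_text):
    sections = parse(conf_text)
    glob = sections.pop("global", {})
    findings = []
    if glob.get("maptoguest", "never").lower() != "never":
        findings.append(("global", "map-to-guest"))    # some failed logins become guest
    for name, share in sections.items():
        opts = {**glob, **share}                       # [global] supplies defaults
        if opts.get("guestok", "no").lower() in TRUE:
            writable = opts.get("writable", "no").lower() in TRUE
            findings.append((name, "guest-write" if writable else "guest-read"))
        if "hostsallow" not in opts:
            findings.append((name, "no-hosts-allow"))  # reachable from any address
    return findings
```

Calling `audit(SAMPLE_SMB_CONF)` reports the guest-writable `backup` share, which is the kind of share a remote client could encrypt without credentials.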

The NamPoHyu Virus ransomware is said to have first emerged in March as MegaLocker Virus, encrypting victims’ network-attached storage (NAS) devices. Files encrypted by the MegaLocker Virus would be appended with the .crypted extension. The ransom note would demand a payment of US$250 from users, and ask them to send their private or personal photos as proof that they are not a business. Affected companies, meanwhile, would be coerced to pay US$800.

By early April, it was reported that MegaLocker Virus had changed its name to NamPoHyu Virus. From then on, it has appended the .NamPoHyu extension to encrypted files. NamPoHyu Virus now demands US$1,000 from affected companies, while the ransom for personal users remains at US$250. Victims are given a grace period of 10 days to pay. NamPoHyu Virus now also has a Tor payment website.

Threats targeting Samba aren’t new. In July 2017, Trend Micro researchers found Linux malware that exploited the notorious SambaCry vulnerability, which was also used to deliver cryptocurrency-mining malware. The SambaCry-exploiting threat targeted and hijacked NAS devices. Despite being a relatively old flaw, SambaCry continues to be a persistent security risk, particularly to internet-of-things (IoT) and connected devices.

Ransomware may be plateauing, but its destructive impact poses significant risks to users and businesses. In June 2017, for instance, a South Korean company incurred losses of at least US$1 million when more than a hundred of its Linux servers were affected by the Erebus ransomware. There’s also the server-targeting , which has been a perennial threat especially to the healthcare, education, and transportation industries.

All it could take is a single vulnerable or exposed , , , or for ransomware to affect many systems and devices. Users and organizations should thus proactively practice security hygiene, which includes:

Trend Micro Ransomware Solutions

Enterprises can benefit from a multilayered approach to best mitigate the risks brought by ransomware such as NamPoHyu Virus aka MegaLocker Virus. At the endpoint level, Trend Micro Smart Protection Suites deliver several capabilities like high-fidelity machine learning, behavior monitoring and application control, and vulnerability shielding that minimize the impact of this threat. Trend Micro Deep Discovery Inspector detects and blocks ransomware on networks, while Trend Micro Deep Security stops ransomware from reaching enterprise servers, whether physical, virtual, or in the cloud. Trend Micro Deep Security, Vulnerability Protection, and TippingPoint provide virtual patching that protects endpoints from threats that exploit unpatched vulnerabilities to deliver ransomware.

Email and web gateway solutions such as Trend Micro Deep Discovery Email Inspector and InterScan Web Security prevent ransomware from ever reaching end users. Trend Micro’s Cloud App Security (CAS) can help enhance the security of Office 365 apps and other cloud services by using cutting-edge sandbox malware analysis for ransomware and other advanced threats.

These solutions are powered by Trend Micro XGen security, which provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. Smart, optimized, and connected, XGen powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.