- The ransomware was first detected in March 2019.
- The attackers are directly launching the malware on vulnerable Samba servers by brute forcing the passwords.
A new ransomware family called ‘NamPoHyu Virus’ ransomware has been found targeting vulnerable Samba servers. Instead of running executables on a victim’s computer, the attackers are directly launching the malware on vulnerable Samba servers by brute forcing the passwords.
How dreadful can be the ransomware – Once the ransomware – also called MegaLocker Virus – manages to brute force a vulnerable Samba server, it remotely encrypts the files and then leaves a ransom note.
Shodan, the search engine, has found some 500,000 accessible Samba servers across the globe. This indicates that this ransomware infection can be massive if the attackers gain access to these vulnerable Samba servers.