Remote Samba Servers Have Been Attacked by NamPoHyu Virus Ransomware

In March 2019, a new cyber threat targeting NAS storage devices was spotted: MegaLocker Virus, which belongs to the ransomware family. In early April 2019 it changed its name to NamPoHyu Virus Ransomware, which targets remote Samba servers in a way that differs from other ransomware.

This ransomware can get installed on a compromised computer system through malicious email attachments, hacked executable files or untrusted download sources. It attacks the targeted system and encrypts the victim's confidential files, appending the .NamPoHyu extension to the name of each encrypted file.

NamPoHyu Virus Ransomware looks for easy access to Samba servers by brute-forcing passwords, and then starts encrypting the crucial files stored on the victimized system. After the encryption process it creates a ransom note and drops it on the desktop of the affected system.

According to Shodan, more than 500,000 remote Samba servers are available; if it gained access to all of those servers, the situation could be disastrous. This ransomware is a fast-growing malware threat, recognized as a leader of global cyber attacks these days, whose main intention is to lock the files of the targeted computer and then demand a ransom payment to unlock them.

MegaLocker Virus encrypts files and appends the .crypted extension to them, then creates a ransom note named !DECRYPT_INSTRUCTION.TXT that demands $250 from personal victims and $1000 from companies, paid in a cryptocurrency such as Bitcoin. The note also contains a contact email address, [email protected], for the remote hackers.

After switching its name to NamPoHyu Virus Ransomware, it again started encrypting sensitive files, now appending the .NamPoHyu extension. The ransom note remains the same, except that the instructions now include a link to a Tor payment site. It pushes the victim to pay $250 (personal victims) or $1000 (companies) in Bitcoin. After reaching the Tor site, victims are directed to email [email protected] with an ID listed in the ransom note to receive payment instructions.
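The file indicators named above (the .NamPoHyu and .crypted extensions and the !DECRYPT_INSTRUCTION.TXT note) can be swept for on a locally mounted share. The following is an added example, not code from the original article; the function names, the case-insensitive matching and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article text; matched case-insensitively (assumption).
ENCRYPTED_EXTENSIONS = (".nampohyu", ".crypted")
RANSOM_NOTE_NAME = "!decrypt_instruction.txt"


def sweep_share(root):
    """Walk a locally mounted share and collect the article's file indicators.

    Returns ransom note paths, encrypted-file paths, and a per-directory
    count so the most affected folders can be triaged first.
    """
    notes, encrypted, per_dir = [], [], Counter()
    # Unreadable directories are skipped so the sweep always completes.
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            lower = name.lower()
            full = os.path.join(dirpath, name)
            if lower == RANSOM_NOTE_NAME:
                notes.append(full)
            elif lower.endswith(ENCRYPTED_EXTENSIONS):
                encrypted.append(full)
                per_dir[dirpath] += 1
    return {"notes": sorted(notes), "encrypted": sorted(encrypted),
            "per_dir": dict(per_dir)}


def build_sample_share(root):
    """Create a constructed sample tree of empty files for the demonstration."""
    layout = [
        "finance/report.xlsx.NamPoHyu",
        "finance/budget.docx.NamPoHyu",
        "finance/!DECRYPT_INSTRUCTION.TXT",
        "old/archive.zip.crypted",
        "clean/notes.txt",
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        result = sweep_share(share)
        print(f"ransom notes: {len(result['notes'])}, "
              f"encrypted files: {len(result['encrypted'])}")
        for directory, count in sorted(result["per_dir"].items(), key=lambda kv: -kv[1]):
            print(f"{count:4d}  {directory}")
```

A match on these names is a triage signal rather than proof of infection, since other software can also produce a .crypted extension.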

If you want to protect yourself from ransomware attacks, good computing habits and security software are essential. The necessary step is to always keep reliable, tested backup copies of crucial data that can be restored in an emergency such as a malware attack. You should also protect your data with strong passwords and advanced detection programs.
