Level 32
Staff member
Malware Hunter
A new ransomware called Cr1ptT0r built for embedded systems targets network attached storage (NAS) equipment exposed to the internet to encrypt data available on it.

Cr1ptT0r was first discovered in the BleepingComputer forums where users stated that their D-Link DNS-320 devices were infected by the ransomware. D-Link no longer sellsthe DNS-320 enclosure but the product page indicates that it is still supported. However, the newest firmware revision came out in 2016 and there are plenty of known bugs that can be leverage to compromise the equipment.

Scanning the malicious ELF binary on Thursday showed a minimum detection rate on VirusTotal, with only one antivirus engine identifying Cr1ptT0r as a threat. At the time of publishing, the malware is picked up by at least six antivirus engines.

Old firmware is a sitting duck