A new ransomware family called NamPoHyu Virus or MegaLocker Virus is targeting victims a bit differently than other ransomware. Instead of an executable running on a victim's computer, the attacker is running the ransomware locally and having it remotely encrypt accessible Samba servers.
Ransomware infections are typically installed on the computer that will be encrypted, whether that be through other malware, malicious email attachments, or by the attackers hacking a computer or network.
This new ransomware is doing things differently by searching for accessible Samba servers, brute forcing the passwords, and then remotely encrypting their files and creating ransom notes.
Unfortunately, there are plenty of targets, as Shodan shows close to 100,000 accessible Samba servers.
... ...
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
