Avoiding NextCry NextCloud Linux Ransomware

Popular self-hosted productivity platform NextCloud has a hacker problem.

A new and particularly troublesome ransomware variant has been identified in the wild. Dubbed NextCry, this nasty strain of ransomware encrypts data on NextCloud Linux servers and has managed to evade the detection of public scanning platforms and antivirus engines. To make matters worse, there is currently no free decryption tool available for victims.

Ransomware hunter and creator of ID Ransomware  Michael Gillespie notes that the NextCry ransomware, which is a Python script compiled in a Linux ELF binary using pyInstaller, oddly uses Base64 to encode file names as well as the content of files which have already been encrypted. Gillespie has also confirmed that NextCry encrypts data using the AES algorithm with a 256-bit key.

The ransom note that NextCry victims receive reads ““READ_FOR_DEC

How did this happen?

On October 24, NextCloud disclosed a remote code execution vulnerability (CVE-2019-11043) which has been exploited to compromise servers with the default Nextcloud NGINX configuration.

NextCloud recommends that administrators upgrade their PHP packages and NGINX configuration file to the latest version to protect against NextCry attacks.

Remember, Rasmus Holst, chief revenue officer of secure collaboration platform Wire believes in 2020, Cyberattacks will become the number one threat to our global economy. Who are we to argue? It seems painfully obvious to compliance, IT managers CSOs and CISOs that the prediction will happen eventually. 2021, 2022, etc.

The worst part is companies are on their ow- it is up to you to be aware of the increasing threat.

There is no way to be 100% safe from hackers and ransomware but not patching your systems as soon as humanly possible is an invitation to the hackers of the world – telling them you are OK being extorted.

How do you stay secure or at least drastically reduce the risk? Just follow these three steps:

1) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.

2) Go to a phishing simulation vendor now and sign up for one of their offerings. Phishing BoxKnowBe4 and Phish360; are all great. This is needed to train workers by testing them without their knowledge by sending real-looking emails to their inboxes. If they click, they are immediately trained on what not to do.

3) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.

4) Have a BCDR appliance/cloud strategy like Datto, etc.

See the only Collaboration and Cybersecurity vendors that matter at the ITEXPO #TECHSUPERSHOW.

A unique experience with a collocated IoT EvolutionSDWAN EXPOAIOps Expo and MSP Expo

Join others with $8.5B+ in buying power who plan 2020 budgets! Including 3,000+ resellers!

Feb 12-14, 2020, Fort Lauderdale, FL. Register now.


Share via
Copy link
Powered by Social Snap