{"id":15622,"date":"2019-11-24T18:25:30","date_gmt":"2019-11-24T23:25:30","guid":{"rendered":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/?p=15622"},"modified":"2022-10-14T18:27:36","modified_gmt":"2022-10-14T22:27:36","slug":"avoiding-nextcry-nextcloud-linux-ransomware","status":"publish","type":"post","link":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/security\/avoiding-nextcry-nextcloud-linux-ransomware.html","title":{"rendered":"Avoiding NextCry NextCloud Linux Ransomware"},"content":{"rendered":"\n

Popular self-hosted productivity platform NextCloud <\/a>has a hacker problem.<\/p>\n\n\n\n

A new and particularly troublesome\u00a0ransomware<\/a>\u00a0variant has been identified <\/a>in the wild. Dubbed NextCry, this nasty strain of ransomware encrypts data on\u00a0NextCloud<\/a>\u00a0Linux servers and has managed to evade the detection of public scanning platforms and antivirus engines. To make matters worse, there is currently no free decryption tool available for victims.<\/p>\n\n\n\n

Ransomware hunter and creator of ID Ransomware<\/a>  Michael Gillespie<\/a> notes that the NextCry ransomware, which is a Python script compiled in a Linux ELF binary using pyInstaller, oddly uses Base64 to encode file names as well as the content of files which have already been encrypted. Gillespie has also confirmed that NextCry encrypts data using the AES algorithm with a 256-bit key.<\/p>\n\n\n\n

The ransom note<\/a> that NextCry victims receive reads \u201c\u201cREAD_FOR_DEC<\/p>\n\n\n\n

How did this happen?<\/p>\n\n\n\n

On October 24, NextCloud disclosed a remote code execution vulnerability (CVE-2019-11043) which has been exploited<\/a> to compromise servers with the default Nextcloud NGINX<\/a> configuration.<\/p>\n\n\n\n

NextCloud recommends that administrators upgrade their PHP packages and NGINX configuration file to the latest version to protect against NextCry attacks.<\/p>\n\n\n\n

Remember, Rasmus Holst, chief revenue officer of secure collaboration platform\u00a0Wire<\/a> believes in 2020, Cyberattacks will become the number one threat<\/a> to our global economy. Who are we to argue? It seems painfully obvious to compliance, IT managers CSOs and CISOs that the prediction will happen eventually. 2021, 2022, etc.<\/p>\n\n\n\n

The worst part is companies are on their ow- it is up to you to be aware of the increasing threat. <\/p>\n\n\n\n

There is no way to be 100% safe from hackers and ransomware but not patching your systems as soon as humanly possible is an invitation to the hackers of the world – telling them you are OK being extorted.<\/p>\n\n\n\n

How do you stay secure or at least drastically reduce the risk? Just follow these three steps:<\/em><\/p>\n\n\n\n

1) Read cybersecurity essentials<\/a> \u2013 a simple list which will help most organizations become far more secure.<\/p>\n\n\n\n

2) Go to a phishing simulation vendor now and sign up for one of their offerings. Phishing Box<\/a>, KnowBe4 <\/a>and Phish360<\/a>; are all great. This is needed to train workers by testing them without their knowledge by sending real-looking emails to their inboxes. If they click, they are immediately trained on what not to do.<\/p>\n\n\n\n

3) We also recommend you get a\u00a0free evaluation of your cybersecurity risk\u00a0<\/a>from an MSP\/MSSP immediately \u2013 they can also help you build in the needed compliance to reduce the risk of being fined.<\/p>\n\n\n\n

4) Have a BCDR appliance\/cloud strategy like Datto<\/a>, etc.<\/p>\n\n\n\n

See the only Collaboration and Cybersecurity vendors that matter at the <\/strong>ITEXPO<\/strong><\/a> #TECHSUPERSHOW.<\/strong><\/p>\n\n\n\n

A unique experience with a collocated IoT Evolution<\/a>, SDWAN EXPO<\/a>, AIOps Expo<\/a> and MSP Expo<\/strong><\/a>\u2026<\/p>\n\n\n\n

Join others with $8.5B+ in buying power who plan 2020 budgets! Including 3,000+ resellers!<\/strong><\/p>\n\n\n\n

Feb 12-14, 2020, Fort Lauderdale, FL. Register now<\/a>.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n


<\/p>\n","protected":false},"excerpt":{"rendered":"

Popular self-hosted productivity platform NextCloud has a hacker problem. A new and particularly troublesome\u00a0ransomware\u00a0variant has been identified in the wild. Dubbed NextCry, this nasty strain of ransomware encrypts data on\u00a0NextCloud\u00a0Linux servers and has managed to evade the detection of public scanning platforms and antivirus engines. To make matters worse, there is currently no free decryption<\/p>\n","protected":false},"author":44,"featured_media":15623,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[156],"tags":[1796,300,2574,2575,1839],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/15622"}],"collection":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/comments?post=15622"}],"version-history":[{"count":1,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/15622\/revisions"}],"predecessor-version":[{"id":15624,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/15622\/revisions\/15624"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media\/15623"}],"wp:attachment":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media?parent=15622"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/categories?post=15622"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/tags?post=15622"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}