{"id":35790,"date":"2020-06-29T19:57:15","date_gmt":"2020-06-29T19:57:15","guid":{"rendered":"http:\/\/3579d19e-02c0-450e-be65-ed6abf2d537f"},"modified":"2020-06-29T19:57:15","modified_gmt":"2020-06-29T19:57:15","slug":"a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/","title":{"rendered":"A hacker gang is wiping Lenovo NAS devices and asking for ransoms"},"content":{"rendered":"<p><span class=\"img aspect-set\"><img decoding=\"async\" src=\"https:\/\/zdnet2.cbsistatic.com\/hub\/i\/2020\/06\/29\/91e1f134-5117-4d98-a45d-78ba1408f21d\/lenovoemc-iomega.png\" class alt=\"LenovoEMC Iomega\"><\/span><\/p>\n<p>A hacker group going by the name of &#8216;Cl0ud SecuritY&#8217; is breaking into old LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, wiping files, and leaving ransom notes behind asking owners to pay between $200 and $275 to get their data back.<\/p>\n<p>Attacks have been happening for at least a month, according to entries on BitcoinAbuse, a web portal where users can report Bitcoin addresses abused in ransomware, extortions, cybercrime, and other online scams.<\/p>\n<p>Attacks appear to have targeted only LenovoEMC\/Iomega NAS devices that are exposing their management interface on the internet without a password.<\/p>\n<p><em>ZDNet<\/em> was able to identify around 1,000 such devices using a Shodan search.<\/p>\n<p><span class=\"img aspect-set\"><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/article\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/\" class=\"lazy\" alt=\"shodan.png\" data-original=\"https:\/\/zdnet2.cbsistatic.com\/hub\/i\/2020\/06\/29\/3954011c-7371-4e97-a341-efea8c10277c\/shodan.png\"><\/span><noscript><\/p>\n<p><span class=\"img aspect-set\"><img decoding=\"async\" src=\"https:\/\/zdnet2.cbsistatic.com\/hub\/i\/2020\/06\/29\/3954011c-7371-4e97-a341-efea8c10277c\/shodan.png\" class alt=\"shodan.png\"><\/span><\/p>\n<p><\/noscript><\/p>\n<p>Many of the NAS devices we found this way contained a ransom note named &#8220;<strong>RECOVER YOUR FILES !!!!.txt<\/strong>.&#8221;<\/p>\n<p>All ransom notes were signed with the &#8216;<strong>Cl0ud SecuritY<\/strong>&#8216; monicker and used the same &#8220;<strong>cloud@mail2pay.com<\/strong>&#8221; email address as the point of contact.<\/p>\n<p><span class=\"img aspect-set\"><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/article\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/\" class=\"lazy\" alt=\"nas-ransom-2.png\" height=\"auto\" width=\"1200\" data-original=\"https:\/\/zdnet4.cbsistatic.com\/hub\/i\/r\/2020\/06\/29\/41bd7bf5-dd58-42a7-ad92-757aecec5670\/resize\/1200xauto\/2d56a81d4ddf70140563b8ca7d1d602c\/nas-ransom-2.png\"><\/span><noscript><\/p>\n<p><span class=\"img aspect-set\"><img decoding=\"async\" src=\"https:\/\/zdnet4.cbsistatic.com\/hub\/i\/r\/2020\/06\/29\/41bd7bf5-dd58-42a7-ad92-757aecec5670\/resize\/1200xauto\/2d56a81d4ddf70140563b8ca7d1d602c\/nas-ransom-2.png\" class alt=\"nas-ransom-2.png\" height=\"auto\" width=\"1200\"><\/span><\/p>\n<p><\/noscript> <span class=\"credit\">Image: ZDNet<\/span><\/p>\n<p>The recent attacks recorded over the past month appear to be <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/attackers-are-wiping-iomega-nas-devices-leaving-ransom-notes\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">a continuation of attacks that started last year<\/a>, and which have also exclusively targeted LenovoEMC (formerly Iomega) NAS stations.<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_zd_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p>While last year&#8217;s attacks were not signed and used a different contact email, there are many similarities between the ransom note texts used in both 2019 and 2020 to believe the same threat actor is behind both attack waves.<\/p>\n<p>In a phone call today, Victor Gevers, a security researcher with the <a href=\"https:\/\/gdi.foundation\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">GDI Foundation<\/a>, told <em>ZDNet<\/em> he&#8217;s been tracking the attacks for years and that these recent intrusions appear to be the work of an unsophisticated hacker.<\/p>\n<p>Gevers said the hackers didn&#8217;t rely on a complex exploit, targeted devices that were already wide open on the internet, and didn&#8217;t bother encrypting the data.<\/p>\n<p>The Cl0ud SecuritY hackers claim to have copied the victim&#8217;s files to their servers and threatened to leak files, usually if a ransom note is not paid within five days.<\/p>\n<p>However, there is no evidence to suggest the data has been backed up anywhere, nor that any data from past victims has been leaked online anywhere over the past year.<\/p>\n<p>Based on current evidence, the ransom notes appear to carry empty threats, and their role seems to be to scare victims into paying a ransom demand for data hackers have already wiped.<\/p>\n<p>Gevers told <em>ZDNet<\/em> today that attacks against LenovoEMC (Iomega at the time) NAS devices are not new and that he investigated incidents as far back as 1998.<\/p>\n<p>Lenovo has discontinued both the LenovoEMC and Iomega NAS lines in 2018, and the reason why we only identified around 1,000 devices still exposed online, as most NAS stations have reached their EOL long ago and have been decommissioned by many users.<\/p>\n<p>However, some NAS devices are still running, and luckily, <a href=\"https:\/\/support.lenovo.com\/us\/en\/solutions\/LEN_11575\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">a Lenovo support page<\/a> on how to properly secure these types of devices is still available online for users seeking to secure their data.<\/p>\n<p>The attacks on LenovoEMC\/Iomega NAS devices are not the first that have targeted NAS devices in recent years. NAS devices have usually been targeted by DDoS malware, but also by ransomware gangs like <a href=\"https:\/\/www.zdnet.com\/article\/white-hat-hacks-muhstik-ransomware-gang-and-releases-decryption-keys\/\" target=\"_blank\" rel=\"noopener noreferrer\">Muhstik<\/a>, <a href=\"https:\/\/www.zdnet.com\/article\/thousands-of-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware\/\" target=\"_blank\" rel=\"noopener noreferrer\">QSnatch<\/a>, and <a href=\"https:\/\/www.zdnet.com\/article\/qnap-nas-devices-targeted-in-another-wave-of-ransomware-attacks\/\" target=\"_blank\" rel=\"noopener noreferrer\">eCh0raix<\/a>. The attacks on LenovoEMC\/Iomega devices are extortion attempts and not ransomware attacks, as they have not encrypted any files, but rather wiped data and demanded a recovery fee.<\/p>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransom notes signed by &#8216;Cl0ud SecuritY&#8217; hacker group are being found on old LenovoEMC NAS devices.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":35791,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-35790","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>A hacker gang is wiping Lenovo NAS devices and asking for ransoms 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A hacker gang is wiping Lenovo NAS devices and asking for ransoms 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-06-29T19:57:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/06\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"A hacker gang is wiping Lenovo NAS devices and asking for ransoms\",\"datePublished\":\"2020-06-29T19:57:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\\\/\"},\"wordCount\":562,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms.png\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\\\/\",\"name\":\"A hacker gang is wiping Lenovo NAS devices and asking for ransoms 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms.png\",\"datePublished\":\"2020-06-29T19:57:15+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms.png\",\"width\":1000,\"height\":500},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A hacker gang is wiping Lenovo NAS devices and asking for ransoms\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A hacker gang is wiping Lenovo NAS devices and asking for ransoms 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/","og_locale":"en_US","og_type":"article","og_title":"A hacker gang is wiping Lenovo NAS devices and asking for ransoms 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-06-29T19:57:15+00:00","og_image":[{"width":1000,"height":500,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/06\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"A hacker gang is wiping Lenovo NAS devices and asking for ransoms","datePublished":"2020-06-29T19:57:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/"},"wordCount":562,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/06\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms.png","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/","url":"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/","name":"A hacker gang is wiping Lenovo NAS devices and asking for ransoms 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/06\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms.png","datePublished":"2020-06-29T19:57:15+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/06\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/06\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms.png","width":1000,"height":500},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"A hacker gang is wiping Lenovo NAS devices and asking for ransoms"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35790","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=35790"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35790\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/35791"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=35790"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=35790"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=35790"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}