Hackers are attacking NextCloud programs with the new ransomware NextCry

Cybersecurity professionals have warned that the NextCry ransomware is infecting NextCloud systems.

The malware was first detected by a user who subsequently posted his findings on BleepingComputer’s forum.

The user wrote that even though he immediately realized that he had been hacked, he was too late to save some of his files from being encrypted by the Python-based malware.

NextCry locates the NextCloud file share and sync data directory by reading the service’s config.php file. It then deletes any files that could be used to restore data before encrypting the rest.

In one ransom note shared in the community, it was revealed that the hackers demanded roughly $210 worth of bitcoin to decrypt the files.

NextCloud had publicly alerted people to a remote code execution vulnerability in late October, which it has confirmed is the security hole that the hackers are using with NextCry.

It is now recommending that administrators upgrade their PHP packages and NGINX configuration files to the latest version to avoid falling prey to the laptop-wielding larcenists.


Copyright © 2018 RegTech Analyst

