New NextCry ransomware attacks NextCloud files and Linux servers
A new ransomware strain, NextCry, is in the news.
Suppose you are working on your system and suddenly notice that it is running slower.
Or you find that you can’t access any document or media file on your system.
On Windows, you might be getting error messages such as “unknown file type” or “Windows can’t open this file.”
On a Mac, you may see the message “no application set to open the document” or “No associated application”.
Another case is that your system is completely locked out.
If other people in your office are also experiencing the same issue, then there might be a message: “Oops, your important files are encrypted”.
In all the above cases, your system is infected with ransomware.
Ransomware has been a prominent threat to businesses of all sizes and to individuals for almost two decades.
A new ransomware known as NextCry has recently surfaced, and it is affecting Nextcloud file-sharing software.
Nextcloud typically runs on Linux servers, and NextCry targets them directly.
- The ransomware gets its name from the extension that it appends to the names of encrypted files.
- The malware attacks clients using the Nextcloud file sync and sharing service.
How does NextCry work?
Basically, NextCry works in the same way as any other ransomware attack.
It spreads into users' systems and encrypts their files.
To decrypt them, it forces the users or enterprises to pay a ransom to the attackers for the decryption key.
NextCry spreads over Nextcloud-enabled systems and reads Nextcloud’s config.php to find the data directory.
Then it deletes all the data backup files and folders and starts encrypting the victim’s files.
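A defender can follow the same path to check an instance: read config.php for the data directory, then look for files carrying the ransomware's extension. The Python sketch below is an added example, not code from Nextcloud or from this article; the `.NEXTCRY` suffix default, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Matches the 'datadirectory' => '/path' entry in Nextcloud's config.php.
DATADIR_RE = re.compile(r"""['"]datadirectory['"]\s*=>\s*['"]([^'"]+)['"]""")

def find_data_directory(config_text):
    """Return the data directory named in config.php text, or None."""
    m = DATADIR_RE.search(config_text)
    return m.group(1) if m else None

def scan_for_suffix(data_dir, suffix=".NEXTCRY"):
    """Return sorted paths under data_dir whose names end with suffix.

    The default suffix is an assumption; pass the one seen on your files.
    """
    hits = []
    for root, _dirs, files in os.walk(data_dir):
        for name in files:
            if name.lower().endswith(suffix.lower()):
                hits.append(os.path.join(root, name))
    return sorted(hits)

def check_instance(config_path, suffix=".NEXTCRY"):
    """Read config.php, locate the data directory, and list suspect files."""
    with open(config_path, encoding="utf-8", errors="replace") as fh:
        data_dir = find_data_directory(fh.read())
    if data_dir is None or not os.path.isdir(data_dir):
        raise ValueError("data directory not found from " + config_path)
    return data_dir, scan_for_suffix(data_dir, suffix)

def build_sample(base):
    """Constructed sample: a fake config.php and data tree for an offline run."""
    files_dir = os.path.join(base, "data", "alice", "files")
    os.makedirs(files_dir)
    for name in ("notes.txt", "report.docx.NEXTCRY", "photo.jpg"):
        open(os.path.join(files_dir, name), "w").close()
    cfg = os.path.join(base, "config.php")
    with open(cfg, "w") as fh:
        fh.write("<?php\n$CONFIG = array (\n  'datadirectory' => '%s',\n);\n"
                 % os.path.join(base, "data"))
    return cfg

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        data_dir, hits = check_instance(build_sample(tmp))
        print("data directory:", data_dir)
        for path in hits:
            print("suspect:", path)
```

On a real server, call `check_instance` with the path to the instance's own config.php; any hit means the data directory should be treated as compromised and restored from an offline backup.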
How much ransom does it demand?
This malware demands a ransom of BTC 0.025, which is around $210, to decrypt users' files.
How to stay safe from NextCry ransomware?
Nextcloud has recommended that all its users running NGINX servers upgrade their PHP packages to the latest versions.
The company has also listed some of the upstream PHP packages with a fix to its exposure.
They have also suggested updating the NGINX config file, including its location segment, and then restarting the server.
Currently, there is no decryption strategy available to help the victims.
Therefore, each individual and organization needs to be careful when it comes to encrypting their data.
Even a single bit of negligence may lead to a ransomware infection.
Moreover, since a security violation is predictable, it is good to have a backup of your important files and data.
So, keep your server’s backup in a healthy condition.
Also, tighten the security of your network to avoid a breach.