StorageCrypt targets Network Attached Storage (NAS) devices, such as Western Digital My Cloud, and infects devices via the Linux Samba vulnerability dubbed SambaCry. The vulnerability allows attackers to download and execute commands on affected devices via command shell. StorageCrypt encrypts all files on the NAS and appends .locked to filenames. A ransom note named _READ_ME_FOR_DECRYPT.txt lists a contact email address of JeanRenoAParis@protonmail.com and demands payment ranging from .4 to 2 Bitcoin for decryption. Autorun.inf and a Windows executable file named 美女与野兽.exe, which translates to beauty and the beast, are downloaded to each folder contained within the NAS in an attempt to infect additional computers.
- Bleeping Computer provides more information on StorageCrypt here.
- The NJCCIC is not aware of any decryption tools available for StorageCrypt.
Image Source: Bleeping Computer