Nextcloud Ransomware – NextCry

Ransomware has been one of the growing areas of data security threats in recent years. Wannacry was the biggest, best known approach of this. Essentially, a virus starts encrypting your files and holds them for ransom. If you give enough money (usually in bitcoin), they will give you the decrypt key to get your data back.

Well, Windows systems have been the target. Earlier this week one of the first ransomware variants targeting Windows, Mac and Linux was getting some news coverage, but in the last 24 hours there’s apparently a ransomware targeting Nextcloud servers. (Nextcloud typically runs on Linux servers.)

We support Nextcloud servers and have secured all of our installs against this threat. From what we’ve been able to tell from the initial reports this particular ransomware uses a vulnerability in PHP-fpm that was addressed a couple weeks ago.

We are keeping an eye out for news if this is spreading any other way. If you need help tightening your Nextcloud install, contact us and we’ll be glad to make sure your install of Nextcloud is tightened down.

This is a reminder of the importance of backups and keeping up with security updates. You may or may not be protecting sensitive information, but at the end of the day your data is important to you. Systems need to be kept updated to protect your data security.