SCW's Response to the March 2023 NVR Malware Incident
Cyber Attacks Happen. Here's How We Responded.

Summary of What Happened:
A cyber attack occurred on a small percentage of our clients' networks. These clients were unable to remotely access their Admiral or Imperial NVRs at that time via SCW Go, SCW View Station, and web access. Clients who experienced this issue have shown no signs of footage loss, just the inability to view it over the network (remote or local).
SCW services (such as our website or Survail platform), the third-party P2P service we utilize, and the network and NVRs that SCW uses internally were not attacked. We saw evidence, on Admiral and Imperial NVRs with ARM processors (not Intel ones), of a type of virus that primarily affects routers.
The type of router that the customer had, as well as whether the user opened ports on that router (this is against our recommendations), determined whether the user experienced the attack.
Timeline of Events
What was Observed about the Malware
- The malware attempted to build TCP connections
- The data sent was encrypted, so we can't see exactly what it was, but the file sizes were so small as to clearly not be video or images.
- User logins and video are encrypted on the NVR's file system
- The malware was similar in behavior to, or in the family of, “TheMoon” malware, which attempts to set up a botnet
- We did not observe or get any reports of DDoS or flooding behaviors coming out of the NVRs
- The IPs observed were from Western Europe (Belgium, Germany, Sweden, Netherlands)
- At this time, we’ve been asked not to share the specific IPs observed
- It’s also possible the IPs reached out to may vary by incident
- No organizations have reached out to SCW or our manufacturer, claiming responsibility or making demands
- The malware was removed and current re-infection methods were prevented with 03-08 firmware and beyond
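
The observations above suggest a simple egress check for anyone with flow logs from their router or firewall: flag small outbound TCP connections from an NVR to hosts it has no reason to contact. The following is an added example, not SCW tooling or code from the incident. The log format, NVR address, allowlist entries and byte threshold are assumptions, and all addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed flow records: src,dst,dst_port,proto,bytes_out (not incident data).
SAMPLE_FLOWS = """\
192.168.1.50,198.51.100.10,443,tcp,48213990
192.168.1.50,203.0.113.77,4443,tcp,612
192.168.1.50,203.0.113.77,4443,tcp,540
192.168.1.50,192.168.1.20,554,tcp,9120044
192.168.1.23,203.0.113.77,4443,tcp,700
192.168.1.50,192.0.2.5,123,udp,76
"""

NVR_ADDRS = {"192.168.1.50"}  # assumed LAN address of the NVR
ALLOWED_DESTS = [ipaddress.ip_network(n) for n in (
    "192.168.1.0/24",   # local viewing stations
    "198.51.100.0/24",  # placeholder for the P2P / cloud upgrade service range
    "192.0.2.5/32",     # placeholder NTP server
)]
SMALL_BYTES = 4096  # assumed threshold, far below any video or image transfer


def parse_flows(text):
    """Yield one dict per CSV flow record."""
    for line in text.strip().splitlines():
        src, dst, port, proto, nbytes = line.split(",")
        yield {"src": src, "dst": ipaddress.ip_address(dst),
               "port": int(port), "proto": proto, "bytes": int(nbytes)}


def suspicious_nvr_flows(text):
    """Count small outbound TCP flows from an NVR to non-allowlisted hosts."""
    hits = {}
    for f in parse_flows(text):
        if f["src"] not in NVR_ADDRS or f["proto"] != "tcp":
            continue  # only TCP connections initiated by the NVR
        if any(f["dst"] in net for net in ALLOWED_DESTS):
            continue  # expected destination
        if f["bytes"] <= SMALL_BYTES:
            key = (str(f["dst"]), f["port"])
            hits[key] = hits.get(key, 0) + 1
    return hits


if __name__ == "__main__":
    for (dst, port), n in suspicious_nvr_flows(SAMPLE_FLOWS).items():
        print(f"NVR opened {n} small TCP flow(s) to {dst}:{port}")
```
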
Prevention Steps
- Be sure to update firmware
- Do not use port forwarding, as stated in the networking guide that goes out with every new order / manual
- Ideally, use a VPN; if a VPN is not possible, use P2P with port mapping off (no UPnP or manual port forwarding)
- Keep firmware up to date - check monthly for Cloud Upgrades