
New eCh0raix Ransomware Campaign Targets QNAP NAS Devices

Vlad CONSTANTINESCU

December 29, 2021


This week, QNAP NAS (Network-Attached Storage) device users reported that their systems were targeted by the infamous eCh0raix ransomware, also called QNAPCrypt.

The perpetrators seem to have intensified their activity about a week before Christmas. QNAP and Synology NAS system users reported eCh0raix/QNAPCrypt attacks regularly, but the frequency of the reports spiked around Dec. 20.

Security experts are still unclear on the initial vector of the attack. Some users admit they failed to secure the device properly, while others blame QNAP’s Photo Station vulnerability.

The eCh0raix/QNAPCrypt ransomware reportedly creates a new user in the administrator group, enabling it to encrypt all documents on the NAS device.

According to recent posts in a BleepingComputer forum thread, the threat actor focused on encrypting pictures and documents. Some of the users relied on QNAP NAS devices for business purposes.

Another point that sets this ransomware campaign apart from other eCh0raix attacks is that the perpetrators misspelled the extension of the ransom text document; instead of using the regular TXT extension, the threat actor used TXTT.

The ransom demands ranged from 0.024 BTC to 0.06 BTC (roughly $1,200 - $3,000 currently) during recent attacks, including this campaign. Presumably, some QNAP NAS users had to pay the ransom, as they lacked backup options and had no other way to recover the encrypted content.

Users with compromised QNAP NAS devices can find a free tool for decrypting files locked by older versions of eCh0raix/QNAPCrypt (before July 17, 2019). However, there’s currently no free tool to counter the effects of recent versions of the ransomware (1.0.5 and 1.0.6).

To protect their QNAP NAS device against this ransomware campaign, users are advised to follow QNAP’s recommendations, which include better user management, installing a firewall, and updating apps frequently to their latest version.

Recently, QNAP released a statement warning customers about a NAS bitcoin mining malware that could target their devices. Experts noticed a considerable CPU spike in compromised NAS devices; a process named [oom_reaper] hogged as much as 50% of the total CPU usage.
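The three indicators mentioned in this article (an extra account in the administrator group, ransom notes with the TXTT extension, and a CPU-heavy process named [oom_reaper]) can be checked with a short triage script. This is an added example, not code from QNAP or the article's author; the function names, the `administrators` group name, the four-column `ps` layout, the 25% CPU cutoff and the sample data are assumptions.

```python
import os

# Constructed sample data (not taken from a real device).
SAMPLE_GROUP = "administrators:x:0:admin,svc_tmp1\neveryone:x:100:admin,alice\n"
SAMPLE_PS = """PID PPID %CPU COMMAND
2 0 0.0 [kthreadd]
37 2 0.0 [oom_reaper]
8421 1 49.8 [oom_reaper]
"""

def unexpected_admins(group_text, expected, group="administrators"):
    """Members of `group` (/etc/group-style text) that are not in `expected`.
    The group name is an assumption; pass the one your device uses."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == group:
            members = {m.strip() for m in fields[3].split(",") if m.strip()}
            return sorted(members - set(expected))
    return []

def find_txtt_notes(root):
    """Files under `root` carrying the misspelled .TXTT extension, any case."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f.lower().endswith(".txtt")]
    return sorted(hits)

def fake_oom_reaper(ps_text, cpu_limit=25.0):
    """PIDs named like oom_reaper that are not children of kthreadd (PID 2,
    the parent of genuine Linux kernel threads) or exceed cpu_limit percent."""
    flagged = []
    for line in ps_text.splitlines()[1:]:      # skip the header row
        parts = line.split(None, 3)            # assumed columns: pid ppid cpu command
        if len(parts) != 4 or "oom_reaper" not in parts[3]:
            continue
        try:
            pid, ppid, cpu = int(parts[0]), int(parts[1]), float(parts[2])
        except ValueError:
            continue                           # malformed row, ignore
        if ppid != 2 or cpu >= cpu_limit:
            flagged.append(pid)
    return flagged

if __name__ == "__main__":
    print("unexpected admins:", unexpected_admins(SAMPLE_GROUP, {"admin"}))
    print("suspect oom_reaper PIDs:", fake_oom_reaper(SAMPLE_PS))
    print(".txtt files under cwd:", find_txtt_notes("."))
```

A hit from any of the three checks is a reason to investigate further, not proof of compromise; an empty result does not rule one out.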
