New eCh0raix Ransomware Campaign Targets QNAP NAS Devices

Vlad CONSTANTINESCU

December 29, 2021

This week, QNAP NAS (Network-Attached Storage) device users reported that their systems were targeted by the infamous eCh0raix ransomware, also called QNAPCrypt.

The perpetrators seem to have intensified their activity about a week before Christmas. QNAP and Synology NAS users have reported eCh0raix/QNAPCrypt attacks regularly, but the frequency of the reports spiked around Dec. 20.

Security experts have not yet established the initial attack vector. Some users admit they failed to secure the device properly, while others blame a vulnerability in QNAP’s Photo Station.

The eCh0raix/QNAPCrypt ransomware reportedly creates a new user in the administrator group, enabling it to encrypt all documents on the NAS device.

According to recent posts in a BleepingComputer forum thread, the threat actor focused on encrypting pictures and documents. Some of the users relied on QNAP NAS devices for business purposes.

Another point that sets this ransomware campaign apart from other eCh0raix attacks is that the perpetrators misspelled the extension of the ransom text document; instead of using the regular TXT extension, the threat actor used TXTT.
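
The two indicators reported above (an unexpected account in the administrator group and ransom notes saved with a TXTT extension) can be checked with a short triage script. This is an added example, not code from the article or from QNAP; the group name `administrators`, the `/etc/group`-style file and the allowlist of known admin accounts are assumptions to adjust for the device being checked.

```shell
#!/bin/sh
# Triage for two indicators from the article: ransom notes with a .TXTT
# extension and unexpected members of the administrator group.

# List files under share root $1 whose extension is "txtt" (any case).
find_txtt_notes() {
    find "$1" -type f -iname '*.txtt' 2>/dev/null | sort
}

# Print members of group $2 in group file $1 (/etc/group format) that are
# not in the comma-separated allowlist $3. Only accounts listed in the
# group's member field are seen; primary-group membership is not checked.
unexpected_admins() {
    awk -F: -v grp="$2" -v allow="$3" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == grp {
            m = split($4, members, ",")
            for (i = 1; i <= m; i++)
                if (members[i] != "" && !(members[i] in ok)) print members[i]
        }' "$1"
}

# Report both indicators; returns 0 when neither is present, 1 otherwise.
# Arguments: share root, group file, group name, allowlist.
triage() {
    notes=$(find_txtt_notes "$1")
    extra=$(unexpected_admins "$2" "$3" "$4")
    if [ -n "$notes" ]; then
        printf 'Files with .txtt extension:\n%s\n' "$notes"
    fi
    if [ -n "$extra" ]; then
        printf 'Unexpected administrator accounts:\n%s\n' "$extra"
    fi
    [ -z "$notes" ] && [ -z "$extra" ]
}

# Example (assumed paths): triage /share /etc/group administrators admin
if [ "$#" -eq 4 ]; then
    triage "$@"
fi
```

A hit on either check is a reason to take the device offline and investigate, not proof of infection on its own.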

The ransom demands ranged from 0.024 BTC to 0.06 BTC (roughly $1,200 to $3,000 currently) during recent attacks, including this campaign. Presumably, some QNAP NAS users had to pay the ransom, as they lacked backup options and had no other way to recover the encrypted content.

Users with compromised QNAP NAS devices can find a free tool for decrypting files locked by older versions of eCh0raix/QNAPCrypt (before July 17, 2019). However, there’s currently no free tool to counter the effects of recent versions of the ransomware (1.0.5 and 1.0.6).

To protect their QNAP NAS device against this ransomware campaign, users are advised to follow QNAP’s recommendations, which include better user management, installing a firewall, and updating apps frequently to their latest version.

Recently, QNAP released a statement warning customers about a NAS bitcoin mining malware that could target their devices. Experts noticed a considerable CPU spike in compromised NAS devices; a process named [oom_reaper] hogged as much as 50% of the total CPU usage.
