New eCh0raix Ransomware Campaign Targets QNAP NAS Devices
This week, QNAP NAS (Network-Attached Storage) device users reported that their systems were targeted by the infamous eCh0raix ransomware, also called QNAPCrypt.
The perpetrators seem to have intensified their activity about a week before Christmas. QNAP and Synology NAS system users have reported eCh0raix/QNAPCrypt attacks regularly, but the frequency of the reports spiked around Dec. 20.
Security experts are still unclear on the initial vector of the attack. Some users admit they failed to secure the device properly, while others blame QNAP’s Photo Station vulnerability.
The eCh0raix/QNAPCrypt ransomware reportedly creates a new user in the administrator group, enabling it to encrypt all documents on the NAS device.
According to recent posts in a BleepingComputer forum thread, the threat actor focused on encrypting pictures and documents. Some of the users relied on QNAP NAS devices for business purposes.
Another point that sets this ransomware campaign apart from other eCh0raix attacks is that the perpetrators misspelled the extension of the ransom text document; instead of using the regular TXT extension, the threat actor used TXTT.
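The two indicators described above (an unexpected account in the administrator group and ransom notes carrying the misspelled TXTT extension) can be checked for on a mounted share and a copy of the device's group file. The following is an added example, not code from QNAP or from the original article; the group name `administrators`, the `/etc/group`-style format, and all account and file names are assumptions or constructed sample data, and because the article does not give the note's file name, only the extension is matched.

```python
import os
import tempfile

NOTE_EXTENSION = ".txtt"          # misspelled ransom-note extension reported in this campaign
ADMIN_GROUP = "administrators"    # assumed name of the NAS administrator group


def find_ransom_notes(root, extension=NOTE_EXTENSION):
    """Return sorted paths under root whose name ends with extension (case-insensitive)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(extension):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def admin_members(group_text, group_name=ADMIN_GROUP):
    """Parse /etc/group-style text and return the member set of group_name."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[0] == group_name:
            return {m.strip() for m in fields[3].split(",") if m.strip()}
    return set()


def unexpected_admins(group_text, expected, group_name=ADMIN_GROUP):
    """Return administrator-group members that are not in the expected baseline."""
    return sorted(admin_members(group_text, group_name) - set(expected))


if __name__ == "__main__":
    # Constructed sample data: a throwaway share and a made-up group file.
    sample_group = "administrators:x:0:admin,svc_unknown\neveryone:x:100:admin,alice\n"
    with tempfile.TemporaryDirectory() as share:
        os.makedirs(os.path.join(share, "Photos"))
        for rel in ("Photos/holiday.jpg", "Photos/NOTE.TXTT", "todo.txt"):
            open(os.path.join(share, rel), "w").close()
        print("ransom notes:", find_ransom_notes(share))
    print("unexpected admins:", unexpected_admins(sample_group, {"admin"}))
```

Keep the baseline of expected administrators somewhere other than the NAS itself, so a compromised device cannot alter it.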
Ransom demands ranged from 0.024 BTC to 0.06 BTC (roughly $1,200 - $3,000 currently) during recent attacks, including this campaign. Presumably, some QNAP NAS users had to pay the ransom, as they lacked backup options and had no other way to recover the encrypted content.
Users with compromised QNAP NAS devices can find a free tool for decrypting files locked by older versions of eCh0raix/QNAPCrypt (before July 17, 2019). However, there’s currently no free tool to counter the effects of recent versions of the ransomware (1.0.5 and 1.0.6).
To protect their QNAP NAS device against this ransomware campaign, users are advised to follow QNAP’s recommendations, which include better user management, installing a firewall, and updating apps frequently to their latest version.
Recently, QNAP released a statement warning customers about a NAS bitcoin mining malware that could target their devices. Experts noticed a considerable CPU spike in compromised NAS devices; a process named [oom_reaper] hogged as much as 50% of the total CPU usage.