After Deadbolt, eCh0raix Ransomware Targets QNAP NAS Devices

How many devices have been infected?

• The reason is, that only some of the victims will use the ID Ransomware service to identify the ransomware that encrypted their devices.
• eChOraix ransomware has been used to encrypt Synology NAS systems since August 2021. This time victims have only reported attacks on QNAP NAS devices.
• eChOraix, also known as QNAPCrypt, has been hitting QNAP customers since 2019.  In its security advisory, QNAP has provided detailed step-by-step instructions on changing the NAS password, enabling IP Access Protection, and changing the system port number.

DeadBolt ransomware continues to target QNAP

• Even last month, QNAP warned its users about Deadbolt ransomware attacks on its NAS devices. The current attack marks the fourth attack this year on the network vendor.
• To prevent from this, QNAP has urged customers to update their devices' QTS or QuTS hero operating systems to the latest versions.
• Moreover, Deadbolt also adopted a new multi-tiered extortion scheme.
• While Most ransomware families require victims to go through a series of complicated steps in order to get their data back, DeadBolt has added a web interface layer that automatically sends the decryption key to the victim.

Stay safe

• Use stronger passwords for your administrator accounts
• Enabling IP Access Protection to protect accounts from brute force attacks
• Avoid using default port numbers 443 and 8080
• Disable Universal Plug and Play (UPnP) port
• Check and update QTS to the latest version
• Use a secure VPN – use strong passwords and two-factor authentication, secure connections and ports, and shut down unused and out-of-date services.