The eCh0raix ransomware group has been found targeting QNAP network-attached storage (NAS) devices. The group attempts to take control of devices while acquiring admin privileges.

The storyline

Since December 20, users of QNAP and Synology NAS systems have been reporting eCh0raix ransomware attacks. The increase in the number of attacks is further confirmed by the ID Ransomware service.
  • A limited number of NAS device users reported that the ransomware encrypted their files containing documents and pictures.
  • In recent attacks, the eCh0raix ransomware has been demanding ransoms ranging from 0.06 bitcoins ($3,000) to 0.024 bitcoins ($1,200). A few users had no backups and paid the ransom to get their files restored.
  • The attackers have reportedly been preparing for this attack since at least last week, prior to Christmas.

Additional insights

  • The infection vector used to spread the ransomware is still not known. However, some users admitted to not securing the device properly, whereas others blamed a vulnerability in QNAP’s Photo Station.
  • It seems that the ransomware operators created a user in the administrator group, which eventually allowed them to encrypt files on the NAS system.
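
Because the operators reportedly add their own account to the administrator group, one practical check is to compare the accounts that hold admin-level membership against the ones you created. The script below is an added example, not code from this article or from QNAP. It works on copies of the device's `/etc/group` and `/etc/passwd`; the group name `administrators`, the approved list and the sample file contents are assumptions constructed for illustration.

```python
# Added example: audit admin-level accounts in copies of /etc/group and /etc/passwd.
ADMIN_GROUP = "administrators"   # assumption: name of the admin group on the device
APPROVED_ADMINS = {"admin"}      # assumption: admin accounts you created yourself

# Constructed sample data, not taken from a real device.
SAMPLE_GROUP = """\
administrators:x:0:admin,svc_helper
everyone:x:100:admin,alice,backup2
"""
SAMPLE_PASSWD = """\
admin:x:0:0:administrator:/share/homes/admin:/bin/sh
alice:x:1000:100:Alice:/share/homes/alice:/bin/sh
svc_helper:x:1001:100::/share/homes/svc_helper:/bin/sh
backup2:x:1002:0::/share/homes/backup2:/bin/sh
"""

def rows(text, min_fields):
    """Split colon-separated records, skipping blank, comment and short lines."""
    out = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= min_fields and not fields[0].startswith("#"):
            out.append(fields)
    return out

def admin_accounts(group_text, passwd_text, admin_group=ADMIN_GROUP):
    """Return {account: reason} for every account with admin-level membership."""
    found, admin_gid = {}, None
    for fields in rows(group_text, 4):
        if fields[0] == admin_group:
            admin_gid = fields[2]
            for member in fields[3].split(","):
                if member.strip():
                    found[member.strip()] = "listed in group"
    # Accounts can also gain the group through their primary GID, or be UID 0,
    # without appearing in the group's member list.
    for fields in rows(passwd_text, 4):
        user, uid, gid = fields[0], fields[2], fields[3]
        if uid == "0":
            found.setdefault(user, "UID 0")
        elif admin_gid is not None and gid == admin_gid:
            found.setdefault(user, "primary GID")
    return found

def unexpected_admins(group_text, passwd_text, approved=APPROVED_ADMINS):
    """Admin-level accounts that are not in the approved baseline."""
    return {u: why for u, why in admin_accounts(group_text, passwd_text).items()
            if u not in approved}

if __name__ == "__main__":
    for user, why in sorted(unexpected_admins(SAMPLE_GROUP, SAMPLE_PASSWD).items()):
        print(f"unexpected admin account: {user} ({why})")
```

Any account it reports that you did not create is worth investigating before the device is put back on the network.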

The vendors of NAS devices have been warned regarding the ongoing ransomware attacks.

But is decryption possible?

There is a free decryptor that can be used to unlock data for an older version (before July 17, 2019) of eCh0raix ransomware. However, there is no decryptor for the latest variants 1.0.5 and 1.0.6.

Past incidents

eCh0raix attacks began in June 2019 and have continued ever since. Earlier in August this year, QNAP notified its users of another wave of eCh0raix attacks targeting both QNAP and Synology devices.

Conclusion

The eCh0raix ransomware is a potential threat and users must stay alert. Users should update their devices with the latest security updates and reset default passwords.

Cyware Publisher
