What’s the matter?
Security researcher BloodDolly has released a decryption tool for the eCh0raix ransomware. This decryptor will help victims recover their encrypted files on their QNAP NAS devices for free.
What is eCh0raix?
eCh0raix, also known as QNAPCrypt, is a ransomware that targets QNAP Network Attached Storage (NAS) devices used for backups and file storage. The QNAP NAP devices are compromised by brute-forcing weak credentials and exploiting known vulnerabilities. Upon encryption, the ransomware will append the .encrypt extension to the encrypted file's name.
The current version of the decryptor works for only victims who were infected before July 17, 2019. It does not work for newer versions of the ransomware. The newer versions will have 173 characters long key at the end of the ransom note. The security researcher is working on creating a decryptor for the newer versions.
How does the decryptor work?