ECh0raix ransomware again attacks QNAP NAS

eCh0raix attacks QNAP NAS
Written by Emma Davis

The Bleeping Computer magazine warned that the eCh0raix ransomware operators have noticeably intensified and again quite successfully attacking QNAP NAS devices.

Let me remind you that in July 2019, researchers at several information security companies discovered the eCh0raix ransomware (also known as QNAPCrypt), which since 2018 has attacked QNAP NAS devices, encrypted victim files and demanded a ransom of 0.05-0.06 BTC or more.

At the time the malware was discovered, there was no way to decrypt the data without paying the ransom to the attackers”, – report Bleeping Computer journalists.

Later, at the end of the summer of 2019, an information security expert known under the pseudonym BloodDolly published a special utility on the Bleeping Computer forums for decrypting the affected information. In fact, this tool allowed brute force victims to pick up the decryption key and save their data.

However, when eCh0raix has returned, this utility no longer works – the malware developers have corrected the flaws in the encryption code.

A new surge in malware activity occurred on June 1, 2020: many new victims appeared on the Bleeping Computer forums and the ID-Ransomware ransomware identification site.

eCh0raix attacks QNAP NAS

Apparently, hackers gain access to QNAP devices through known vulnerabilities or by cracking weak passwords. As soon as the attackers gain access to the NAS, they install their ransomware on the device, which encrypts the files, adding the .encrypt extension to them.

Also, victims are left a note demanding a ransom README_FOR_DECRYPT.txt, which contains a link to the onion-site for payment. On this site, hackers require approximately $ 500 from victims to obtain a decryptor.

eCh0raix attacks QNAP NAS

In addition, one of the victims reported that after hacking, he found strange applications on his QNAP device. It is not yet clear whether they are associated with malware and are malicious packages installed by cybercriminals, or these are ordinary user packages that were encrypted and the device cannot read them correctly.

There is currently no way to recover files for free unless the user has QNAP Snapshot enabled on the device”, – told in Bleeping Computer.

Researchers remind that owners of QNAP NAS should remember and follow simple safety rules:

  • update QTS to the latest version,
  • install and update Security Counselor,
  • use strong passwords,
  • disable SSH and Telnet (if not used),
  • enable Network Access Protection and brute force attack protection,
  • avoid default ports (443 and 8080), enable QNAP Snapshot.

Overall, it is not recommended to connect the NAS device to the Internet without urgent necessity.

Howeve, not only eCh0raix should be afraid of QNAP NAS devices, let me remind you that QSnatch malware infected thousands of QNAP NAS devices.

User Review
4.5 (2 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

One Response

  1. Shane July 1, 2020

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.