Singapore offshore vessel operator, Swire Pacific Offshore experiences ransomware attack by CL0P ransomware group
November 25, 2021
Vestas, Danish wind turbine manufacturer announces they suffered a ransomware attack
November 29, 2021

A surge of eCh0raix ransomware attacks seen over the Christmas holidays, targeting QNAP NAS devices

Recently users of QNAP network-attached storage (NAS) devices have been reporting their systems are being attacked by the eCh0raix ransomware, also known as QNAPCrypt. The initial infection vector of these attacks is still unclear but some of the incidents are believed to be due to users not properly securing their devices. As soon as the threat actor is within the system, they create a user in the system’s administrator group which allows them to have access to all the files on the NAS system and therefore allows them to encrypt all the files.

It has been observed that the ech0raix ransomware demands ranging from .024 ($1,200) to .06 bitcoins ($3,000) during these recent attacks. There is currently a free decryptor for files encrypted by an older version of eCh0raix ransomware (before July 17th, 2019). Although, there is no new decryptor for the latest variants of the ransomware (versions 1.0.5 and 1.0.6). Owners of NAS devices should follow QNAP’s recommendations to ensure proper protection of their NAS devices and the data they store.

Leave a Reply

Your email address will not be published. Required fields are marked *