Recently users of QNAP network-attached storage (NAS) devices have been reporting their systems are being attacked by the eCh0raix ransomware, also known as QNAPCrypt. The initial infection vector of these attacks is still unclear but some of the incidents are believed to be due to users not properly securing their devices. As soon as the threat actor is within the system, they create a user in the system’s administrator group which allows them to have access to all the files on the NAS system and therefore allows them to encrypt all the files.
It has been observed that the ech0raix ransomware demands ranging from .024 ($1,200) to .06 bitcoins ($3,000) during these recent attacks. There is currently a free decryptor for files encrypted by an older version of eCh0raix ransomware (before July 17th, 2019). Although, there is no new decryptor for the latest variants of the ransomware (versions 1.0.5 and 1.0.6). Owners of NAS devices should follow QNAP’s recommendations to ensure proper protection of their NAS devices and the data they store.