{"id":6113,"date":"2021-11-28T09:42:07","date_gmt":"2021-11-28T00:42:07","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=6113"},"modified":"2022-02-03T09:44:55","modified_gmt":"2022-02-03T00:44:55","slug":"a-surge-of-ech0raix-ransomware-attacks-seen-over-the-christmas-holidays-targeting-qnap-nas-devices","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/a-surge-of-ech0raix-ransomware-attacks-seen-over-the-christmas-holidays-targeting-qnap-nas-devices\/","title":{"rendered":"A surge of eCh0raix ransomware attacks seen over the Christmas holidays, targeting QNAP NAS devices"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"6113\" class=\"elementor elementor-6113\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-21718bf elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"21718bf\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f09ab40\" data-id=\"f09ab40\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-24f921e elementor-widget elementor-widget-text-editor\" data-id=\"24f921e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Recently users of QNAP network-attached storage (NAS) devices have been reporting their systems are being attacked by the eCh0raix ransomware, also known as QNAPCrypt. The initial infection vector of these attacks is still unclear but some of the incidents are believed to be due to users not properly securing their devices. 
As soon as the threat actor is inside the system, they create a user in the system\u2019s administrator group, which gives them access to all the files on the NAS system and therefore allows them to encrypt all the files.<\/p><p>During these recent attacks, eCh0raix ransom demands have been observed ranging from .024 ($1,200) to .06 bitcoins ($3,000). There is currently a free decryptor for files encrypted by an older version of eCh0raix\u00a0ransomware (before July 17th, 2019). However, there is no decryptor for the latest variants of the ransomware (versions 1.0.5 and 1.0.6). Owners of NAS devices should follow QNAP\u2019s recommendations to ensure proper protection of their NAS devices and the data they store.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Recently users of QNAP network-attached storage (NAS) devices have been reporting their systems are being attacked by the eCh0raix ransomware, also known as QNAPCrypt. The initial infection vector of these attacks is still unclear but some of the incidents are believed to be due to users not properly securing their devices. 
As soon as the threat actor is within the<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":6118,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,10,2,8,1],"tags":[],"class_list":["post-6113","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-latest_vulnerabilities","category-ce_news","category-industry_sector","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2022\/02\/Picture1-19.jpg?fit=1379%2C950&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6113"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=6113"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6113\/revisions"}],"predecessor-version":[{"id":6121,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6113\/revisions\/6121"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/6118"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=6113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=6113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=6113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}