Experts warn of a new eCh0raix ransomware campaign targeting QNAP NAS

Experts warn of a new ech0raix ransomware campaign targeting QNAP Network Attached Storage (NAS) devices.

Bleeping Computer and MalwareHunterTeam researchers, citing user reports and sample submissions on the Ransomware ID platform, warn of a new wave of ech0raix ransomware attacks targeting QNAP Network Attached Storage (NAS) devices.

The ransomware, tracked by Intezer as “QNAPCrypt”And“eCh0raix”By Anomali, is written in the Go programming language and uses AES encryption to encrypt files. The malicious code appends .encrypt extension to filenames of encrypted files.

The ransomware has been active since at least 2019, the last wave of ech0raix attacks was discovered in December 2021, at the time ransomware operators were demanding a ransom raising from .024 ($ 1,200) up to .06 bitcoins ($ 3,000).

In August 2021, another variant of the eCh0raix ransomware started infecting Network-Attached Storage (NAS) devices from Taiwanese vendors QNAP and Synology.

In May 2021, QNAP warned customers of threat actors that are targeting its NAS devices with eCh0raix ransomware attacks and exploiting a Roon Server zero-day vulnerability.

The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that infected QNAP NAS devices using weak passwords. Independent experts observed a surge in eCh0raix infection reports between April 19 and April 26, 2021.

Now the experts observed a surge in the number of submissions to the ID Ransomware service and many users reported eCh0raix infections in the BleepingComputer forums.

“Although only a few dozen ech0raix samples have been submitted, the actual number is successful attacks is most likely higher since only some of the victims will use the ID Ransomware service to identify the ransomware that encrypted their devices.” reported BleepingComputer.

Source BleepingComputer

In May, the company issued the alert in response to a new wave of DeadBolt ransomware attacks targeting NAS devices using QTS 4.3.6 and QTS 4.4.1. The Taiwanese vendor asked users to install the latest update on their NAS devices and avoid exposing them on the Internet.

QNAP® Systems, Inc. recently detected a new attack by the DEADBOLT Ransomware. According to the investigation by the QNAP Product Security Incident Response Team (QNAP PSIRT), the attack targeted NAS devices using QTS 4.3.6 and QTS 4.4.1, and the affected models were mainly TS-x51 series and TS-x53 series. ” reads the advisory published by the company. “QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the Internet.”

Since January, DeadBolt ransomware operators are targeting QNAP NAS devices worldwide, its operators claiming the availability of a zero-day exploit that allows them to encrypt the content of the infected systems.

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (eg sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)

To nominate, please visit:

https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs hacking, QNAP)













Source

Experts warn of a new ech0raix ransomware campaign targeting QNAP Network Attached Storage (NAS) devices.

Bleeping Computer and MalwareHunterTeam researchers, citing user reports and sample submissions on the Ransomware ID platform, warn of a new wave of ech0raix ransomware attacks targeting QNAP Network Attached Storage (NAS) devices.

The ransomware, tracked by Intezer as “QNAPCrypt”And“eCh0raix”By Anomali, is written in the Go programming language and uses AES encryption to encrypt files. The malicious code appends .encrypt extension to filenames of encrypted files.

The ransomware has been active since at least 2019, the last wave of ech0raix attacks was discovered in December 2021, at the time ransomware operators were demanding a ransom raising from .024 ($ 1,200) up to .06 bitcoins ($ 3,000).

In August 2021, another variant of the eCh0raix ransomware started infecting Network-Attached Storage (NAS) devices from Taiwanese vendors QNAP and Synology.

In May 2021, QNAP warned customers of threat actors that are targeting its NAS devices with eCh0raix ransomware attacks and exploiting a Roon Server zero-day vulnerability.

The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that infected QNAP NAS devices using weak passwords. Independent experts observed a surge in eCh0raix infection reports between April 19 and April 26, 2021.

Now the experts observed a surge in the number of submissions to the ID Ransomware service and many users reported eCh0raix infections in the BleepingComputer forums.

“Although only a few dozen ech0raix samples have been submitted, the actual number is successful attacks is most likely higher since only some of the victims will use the ID Ransomware service to identify the ransomware that encrypted their devices.” reported BleepingComputer.

Source BleepingComputer

In May, the company issued the alert in response to a new wave of DeadBolt ransomware attacks targeting NAS devices using QTS 4.3.6 and QTS 4.4.1. The Taiwanese vendor asked users to install the latest update on their NAS devices and avoid exposing them on the Internet.

QNAP® Systems, Inc. recently detected a new attack by the DEADBOLT Ransomware. According to the investigation by the QNAP Product Security Incident Response Team (QNAP PSIRT), the attack targeted NAS devices using QTS 4.3.6 and QTS 4.4.1, and the affected models were mainly TS-x51 series and TS-x53 series. ” reads the advisory published by the company. “QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the Internet.”

Since January, DeadBolt ransomware operators are targeting QNAP NAS devices worldwide, its operators claiming the availability of a zero-day exploit that allows them to encrypt the content of the infected systems.

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (eg sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)

To nominate, please visit:

https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs hacking, QNAP)













Source

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

Threat Intelligence Services Are Universally Valued by IT Staff

Almost all IT professionals believe that threat intelligence services and feeds will help their company get ready for and repulse malware attacks. Only...

Black Basta may be an all-star ransomware gang made up of former Conti and REvil members

The group has targeted 50 businesses from English speaking countries since April 2022. ...

APAC companies are failing to build successful digital models: Forrester

Approximately 61% of APAC organizations have failed to build robust and successful digital business business models, primarily due to unsound practices of enterprise architecture...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!